Solved Finally reaching out

antmanmax

Hey there, attached are the log files per the 4-step prelim removal thread.

A few additional things:

I've run RogueKiller, MBAM, etc. It seems that whatever's infected my machine has limited its ability to do certain things, mainly opening antimalware software (unless it's renamed to something else) and fully enabling malware software, e.g. Windows Defender will not enable, MBAM will not enable real-time protection, etc.

I consider myself an intermediate user when it comes to viruses, but this thing just won't quit.
 

Attachments

  • Addition.txt
  • FRST.txt
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

Please observe forum rules.
All logs have to be pasted, not attached.
 
Hey Broni, thanks for the quick reply. I tried to paste the logs in the chatbox but it flagged it as spam, or too long (not sure which). What do I do now?
 
Followed the steps as written. Malwarebytes was able to quarantine and remove everything except wmcagent.

Here's the FRST result from running the bootable disk created from a clean PC:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.05.2018
Ran by SYSTEM on MININT-VQ86VDP (15-05-2018 02:13:56)
Running from F:\
Platform: Windows 10 Home Version 1709 16299.371 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool:

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [14056 2014-10-30] (Alienware)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [NoteBurner] => C:\Program Files (x86)\NoteBurner\VTBurnerGUI.exe [4345856 2007-12-19] (NoteBurner.COM)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2015-10-07] (Power Software Ltd)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKU\BEBOP\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-02] (Valve Corporation)
HKU\BEBOP\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18334528 2018-04-12] (Piriform Ltd)
HKU\BEBOP\...\Run: [Discord] => C:\Users\BEBOP\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\BEBOP\...\Run: [f.lux] => C:\Users\BEBOP\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\BEBOP\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.)
HKU\BEBOP\...\Run: [Gaijin.Net Agent] => C:\Users\BEBOP\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2116168 2018-01-30] (Gaijin Entertainment)
HKU\BEBOP\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1208648 2018-05-08] ()
HKU\Default\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
Startup: C:\Users\BEBOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-03-18] ()
Startup: C:\Users\BEBOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\landscape.lnk [2018-04-19]
ShortcutTarget: landscape.lnk -> C:\Program Files (x86)\Rapport\Adman.exe (No File)
Startup: C:\Users\BEBOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\landscapelandscape.lnk [2018-04-19]
ShortcutTarget: landscapelandscape.lnk -> C:\Program Files (x86)\inert\fy.exe (No File)
Startup: C:\Users\BEBOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-12-14]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (No File)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"HKLM\System\ControlSet001\Services\aolcspvt" => removed successfully
C:\Windows\System32\drivers\vsshknru.sys => moved successfully
"HKLM\System\ControlSet001\Services\pptttw" => removed successfully
C:\Users\Administrator\AppData\Local\avoxrdt\avoxrdt.exe => moved successfully
C:\Users\Administrator\AppData\Local\avoxrdt\sbbkoxe.exe => moved successfully
C:\Users\Administrator\AppData\Local\wmcagent\wmcagent.exe => moved successfully
C:\Users\Administrator\AppData\Local\wmcagent\wow_helper.exe => moved successfully
C:\Users\BEBOP\AppData\Local\exibsud\exibsud.exe => moved successfully
C:\Users\BEBOP\AppData\Local\exibsud\seockvw.exe => moved successfully
C:\Users\BEBOP\AppData\Local\wmcagent\wmcagent.exe => moved successfully
C:\Users\BEBOP\AppData\Local\wmcagent\wow_helper.exe => moved successfully
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6076936 2018-05-08] ()
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-11] (Microsoft Corporation)
S2 DellUpdate; C:\Program Files (x86)\Alienware Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-18] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-23] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1966408 2018-05-08] (Overwolf LTD)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-03] (Realtek Semiconductor)
S2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-15] (DEVGURU Co., LTD.)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-24] (Synaptics Incorporated)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe [417792 2016-07-12] (Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [103736 2015-09-22] (Wondershare)
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEDaisy; C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [1832880 2018-05-14] ()
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [19440 2015-11-10] (OSR Open Systems Resources, Inc.)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
S0 EMSC; C:\Windows\System32\drivers\EMSC.SYS [17720 2012-07-10] ()
S0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [15160 2012-07-10] ()
S1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
S1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [27552 2016-01-03] (REALiX(tm))
S3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [145920 2017-09-29] (Qualcomm Atheros, Inc.)
S2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [190696 2018-05-10] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-05-14] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [44768 2018-05-14] (Malwarebytes)
S1 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253664 2018-05-10] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [103648 2018-05-14] (Malwarebytes)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (Visicom Media Inc.)
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-18] (Intel Corporation)
S3 ntcdrdrv; C:\Windows\system32\DRIVERS\ntcdrdrv.sys [25680 2011-01-06] (NoteBurn Software)
S3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_5a184893dfb38fc1\nvlddmkm.sys [17168744 2018-05-08] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-23] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [59240 2018-03-23] (NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [58816 2018-05-07] (NVIDIA Corporation)
S3 PCDSRVC{90AB3B40-A9A6E5C8-06020200}_0; c:\program files\alienware\supportassist\pcdsrvc_x64.pkms [25584 2015-10-27] (PC-Doctor, Inc.)
S3 RAZERSEIREN; C:\Windows\system32\DRIVERS\SEIREN.sys [3806920 2015-11-29] (Razer Inc.)
S5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [865216 2018-05-13] (Realsil Semiconductor Corporation)
S5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [424384 2018-05-13] (Realsil Semiconductor Corporation)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [72288 2017-02-24] (Synaptics Incorporated)
S3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [84432 2017-03-26] (The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46072 2018-04-25] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [313888 2018-04-25] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [61472 2018-04-25] (Microsoft Corporation)
S3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S4 pbicvmra; System32\drivers\exhzbkgv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-14 12:13 - 2018-05-14 12:13 - 001828618 _____ C:\Users\BEBOP\Downloads\mlb tickets 1.pdf
2018-05-14 12:13 - 2018-05-14 12:13 - 001565513 _____ C:\Users\BEBOP\Downloads\mlb tickets 2.pdf
2018-05-14 02:38 - 2018-05-14 02:38 - 000000000 ____D C:\Users\BEBOP\AppData\Local\exmtgks
2018-05-14 02:36 - 2018-05-14 02:36 - 005071000 _____ C:\Windows\System32\FNTCACHE.DAT
2018-05-14 02:29 - 2018-05-14 02:29 - 000000000 ____D C:\Users\BEBOP\AppData\Local\ElevatedDiagnostics
2018-05-13 22:20 - 2018-05-13 22:20 - 000000000 ____D C:\Users\BEBOP\AppData\Local\cgrszdp
2018-05-13 22:19 - 2018-05-14 02:36 - 000103648 ____N (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2018-05-13 22:17 - 2018-05-13 22:18 - 000000021 _____ C:\Users\BEBOP\Desktop\info tax.txt
2018-05-13 22:17 - 2018-05-13 22:17 - 000000000 ____D C:\Users\BEBOP\Desktop\New folder
2018-05-13 22:14 - 2018-05-13 22:14 - 018151984 _____ C:\Users\BEBOP\Downloads\0007-RtsXStor_10.0.370.188.zip
2018-05-13 22:14 - 2018-05-13 22:14 - 009891328 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2018-05-13 22:14 - 2018-05-13 22:14 - 000865216 _____ (Realsil Semiconductor Corporation) C:\Windows\System32\Drivers\RtsPer.sys
2018-05-13 22:14 - 2018-05-13 22:14 - 000424384 _____ (Realsil Semiconductor Corporation) C:\Windows\System32\Drivers\RtsUer.sys
2018-05-13 22:14 - 2018-05-13 22:14 - 000338880 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtsBaStor.sys
2018-05-13 22:14 - 2018-05-13 22:14 - 000329664 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtsP2Stor.sys
2018-05-13 22:14 - 2018-05-13 22:14 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-05-13 19:47 - 2018-05-13 19:47 - 000013649 _____ C:\Users\BEBOP\Downloads\2017-taxdocuments-x9121-.pdf
2018-05-13 19:13 - 2018-05-13 19:13 - 000379392 _____ C:\Users\BEBOP\Downloads\subinacl.msi
2018-05-13 03:33 - 2018-05-13 03:33 - 000007500 _____ C:\Users\BEBOP\Downloads\ResetWUEng.zip
2018-05-13 03:33 - 2018-05-13 03:33 - 000000000 ____D C:\Users\BEBOP\Desktop\Reset Windows Update Tool
2018-05-12 23:35 - 2018-05-12 23:38 - 000000000 ____D C:\Users\BEBOP\AppData\Local\Google
2018-05-12 23:35 - 2018-05-12 23:35 - 000002347 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-12 23:35 - 2018-05-12 23:35 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-12 23:11 - 2018-05-12 23:11 - 000053006 _____ C:\Users\BEBOP\Desktop\Addition.txt
2018-05-12 23:10 - 2018-05-12 23:11 - 000051336 _____ C:\Users\BEBOP\Desktop\FRST.txt
2018-05-12 23:10 - 2018-05-12 23:10 - 002404864 _____ (Farbar) C:\Users\BEBOP\Desktop\FRST64.exe
2018-05-12 23:10 - 2018-05-12 23:10 - 000000000 ____D C:\Users\BEBOP\Desktop\FRST-OlderVersion
2018-05-12 22:58 - 2018-05-12 22:58 - 000000000 ____D C:\Users\BEBOP\AppData\LocalLow\Temp
2018-05-12 22:45 - 2018-05-12 22:45 - 000000000 ____D C:\Users\BEBOP\AppData\Local\dwskmpc
2018-05-12 22:42 - 2018-05-12 22:42 - 000000000 ____D C:\Users\BEBOP\AppData\Local\svrxedn
2018-05-12 22:39 - 2018-05-12 22:39 - 000000000 ____D C:\Users\BEBOP\AppData\Local\remlagx
2018-05-12 22:36 - 2018-05-12 22:37 - 000000000 ____D C:\AdwCleaner
2018-05-12 21:47 - 2018-05-12 21:47 - 000000000 ____D C:\Users\BEBOP\AppData\Local\cwstzpb
2018-05-12 19:31 - 2018-05-12 19:31 - 000000000 ____D C:\Users\BEBOP\AppData\Local\dtanwhx
2018-05-12 06:17 - 2018-05-12 06:17 - 000000000 ____D C:\Users\BEBOP\AppData\Local\wdebstm
2018-05-11 20:23 - 2018-05-11 20:23 - 000000000 ___HD C:\$Windows.~WS
2018-05-11 20:23 - 2018-05-11 20:23 - 000000000 ____D C:\$WINDOWS.~BT
2018-05-11 20:17 - 2018-05-11 20:30 - 000000000 ____D C:\ESD
2018-05-11 20:16 - 2018-05-11 20:16 - 000000000 ____D C:\Users\BEBOP\AppData\Local\usnarme
2018-05-10 18:40 - 2018-05-10 18:40 - 000000000 ____D C:\Users\BEBOP\AppData\Local\nvckbdw
2018-05-10 02:08 - 2018-05-10 02:08 - 000000000 ____D C:\Users\BEBOP\AppData\Local\dsilbcn
2018-05-10 01:54 - 2018-05-10 01:54 - 000000000 ____D C:\Windows10Upgrade
2018-05-10 01:48 - 2018-05-15 02:13 - 000000000 ____D C:\Users\Administrator\AppData\Local\wmcagent
2018-05-10 01:48 - 2018-05-10 01:48 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
2018-05-10 01:48 - 2018-05-10 01:48 - 000000000 ____D C:\Users\Administrator\AppData\Local\avbezis
2018-05-10 01:45 - 2018-05-15 02:13 - 000000000 ____D C:\Users\Administrator\AppData\Local\avoxrdt
2018-05-10 01:45 - 2018-05-10 01:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\svhxciz
2018-05-10 01:44 - 2018-05-10 01:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms
2018-05-10 01:37 - 2018-05-14 10:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\ClassicShell
2018-05-10 01:37 - 2018-05-10 01:37 - 000003368 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3428963390-2178166571-3703012988-500
2018-05-10 01:37 - 2018-05-10 01:37 - 000000000 ___RD C:\Users\Administrator\OneDrive
2018-05-10 01:37 - 2018-05-10 01:37 - 000000000 ____D C:\Users\Administrator\Documents\Alienware TactX
2018-05-10 01:37 - 2018-05-10 01:37 - 000000000 ____D C:\Users\Administrator\Documents\AlienFX
2018-05-10 01:37 - 2018-05-10 01:37 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell
2018-05-10 01:36 - 2018-05-14 02:38 - 000002343 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2018-05-10 01:36 - 2018-05-10 01:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2018-05-10 01:36 - 2018-05-10 01:38 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2018-05-10 01:36 - 2018-05-10 01:37 - 000000000 ____D C:\users\Administrator
2018-05-10 01:36 - 2018-05-10 01:36 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2018-05-10 01:36 - 2018-05-10 01:36 - 000000000 ___RD C:\Users\Administrator\3D Objects
2018-05-10 01:36 - 2018-05-10 01:36 - 000000000 ___HD C:\Users\Administrator\MicrosoftEdgeBackups
2018-05-10 01:36 - 2018-05-10 01:36 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2018-05-10 01:36 - 2018-05-10 01:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2018-05-10 01:36 - 2018-05-10 01:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2018-05-10 01:36 - 2018-05-10 01:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\MicrosoftEdge
2018-05-10 01:36 - 2018-05-10 01:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2018-05-10 01:36 - 2018-05-10 01:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2018-05-10 01:36 - 2018-05-10 01:36 - 000000000 ____D C:\Users\Administrator\ansel
2018-05-10 01:24 - 2018-05-10 01:24 - 000000000 ____D C:\Users\BEBOP\AppData\Local\dwaezhv
2018-05-10 01:16 - 2018-05-14 02:37 - 000044768 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2018-05-10 01:16 - 2018-05-14 02:36 - 000112864 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2018-05-10 01:16 - 2018-05-10 01:16 - 000253664 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2018-05-10 01:16 - 2018-05-10 01:16 - 000190696 _____ (Malwarebytes) C:\Windows\System32\Drivers\MbamChameleon.sys
2018-05-10 00:44 - 2018-05-10 00:44 - 000028272 _____ C:\Windows\System32\Drivers\TrueSight.sys
2018-05-10 00:43 - 2018-05-10 01:16 - 000000000 ____D C:\ProgramData\RogueKiller
2018-05-10 00:43 - 2018-05-10 00:43 - 000000000 ____D C:\Program Files\RogueKiller
2018-05-10 00:42 - 2018-05-10 00:42 - 000000000 ____D C:\Users\BEBOP\AppData\Local\rtsehwb
2018-05-10 00:39 - 2018-05-10 00:39 - 000000000 ____D C:\Users\BEBOP\AppData\Local\cwilpsd
2018-05-10 00:25 - 2018-05-10 00:25 - 000000000 ____D C:\Users\BEBOP\AppData\Local\dsolcbr
2018-05-10 00:22 - 2018-05-10 00:22 - 000000000 ____D C:\Users\BEBOP\AppData\Local\spstwbn
2018-05-10 00:17 - 2018-05-12 23:11 - 000000000 ____D C:\FRST
2018-05-10 00:13 - 2018-05-10 00:13 - 000000000 ____D C:\Users\BEBOP\AppData\Local\sndizuo
2018-05-10 00:12 - 2018-05-10 00:12 - 000250816 _____ (Malwarebytes) C:\Windows\System32\Drivers\15003B69.sys
2018-05-10 00:08 - 2018-05-10 00:08 - 000000000 ____D C:\Users\BEBOP\AppData\Local\csdzvpo
2018-05-10 00:07 - 2018-05-10 00:07 - 000250816 _____ (Malwarebytes) C:\Windows\System32\Drivers\2D0337C3.sys
2018-05-09 23:37 - 2018-05-09 23:37 - 000000000 ____D C:\Users\BEBOP\AppData\Local\sckngdv
2018-05-09 23:31 - 2018-05-09 23:31 - 000250816 _____ (Malwarebytes) C:\Windows\System32\Drivers\3B391C50.sys
2018-05-09 23:30 - 2018-05-09 23:30 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-09 23:29 - 2018-05-10 00:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-09 23:23 - 2018-05-09 23:23 - 000000000 ____D C:\Users\BEBOP\AppData\Local\sihkwgm
2018-05-09 23:13 - 2018-05-07 11:26 - 000132488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-05-09 23:12 - 2018-04-26 01:36 - 000152184 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbae64.sys
2018-05-09 23:09 - 2018-05-08 13:22 - 001990688 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6439764.dll
2018-05-09 23:09 - 2018-05-08 13:22 - 001561504 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2018-05-09 23:09 - 2018-05-08 13:22 - 001467992 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6439764.dll
2018-05-09 23:09 - 2018-05-08 13:22 - 001417816 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2018-05-09 23:09 - 2018-05-08 13:22 - 001215576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-05-09 23:09 - 2018-05-08 13:22 - 001091432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-05-09 23:09 - 2018-05-08 13:22 - 000749928 _____ (NVIDIA Corporation) C:\Windows\System32\nvDecMFTMjpeg.dll
2018-05-09 23:09 - 2018-05-08 13:22 - 000626776 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFROpenGL.dll
2018-05-09 23:09 - 2018-05-08 13:22 - 000608704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2018-05-09 23:09 - 2018-05-08 13:22 - 000517888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-05-09 23:09 - 2018-05-08 13:21 - 040346984 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2018-05-09 23:09 - 2018-05-08 13:21 - 035250776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-05-09 23:09 - 2018-05-08 13:21 - 031273728 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2018-05-09 23:09 - 2018-05-08 13:21 - 025987296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-05-09 23:09 - 2018-05-08 13:21 - 013725744 _____ (NVIDIA Corporation) C:\Windows\System32\nvptxJitCompiler.dll
2018-05-09 23:09 - 2018-05-08 13:21 - 011271400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-05-09 23:09 - 2018-05-08 13:21 - 004347832 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2018-05-09 23:09 - 2018-05-08 13:21 - 003758496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-05-09 23:09 - 2018-05-08 13:21 - 001349712 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncMFTH264.dll
2018-05-09 23:09 - 2018-05-08 13:21 - 001157392 _____ (NVIDIA Corporation) C:\Windows\System32\nvfatbinaryLoader.dll
2018-05-09 23:09 - 2018-05-08 13:21 - 001064424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2018-05-09 23:09 - 2018-05-08 13:21 - 000904720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-05-09 23:09 - 2018-05-08 13:21 - 000813912 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2018-05-09 23:09 - 2018-05-08 13:21 - 000652344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-05-09 23:09 - 2018-05-08 13:20 - 017779440 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2018-05-09 23:09 - 2018-05-08 13:20 - 015191088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-05-09 23:00 - 2018-05-09 23:00 - 000000000 ____D C:\Users\BEBOP\AppData\Local\upkdhgc
2018-05-08 23:01 - 2018-05-08 23:01 - 000000000 ____D C:\Users\BEBOP\AppData\Local\wdcusbv
2018-05-08 21:55 - 2018-05-12 22:52 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-05-08 21:19 - 2018-05-08 21:19 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\512492E1.sys
2018-05-08 21:18 - 2018-05-08 21:18 - 000000000 ____D C:\Users\BEBOP\AppData\Local\exsbcwo
2018-05-08 21:13 - 2018-05-08 21:13 - 000000000 ____D C:\Users\BEBOP\AppData\Local\sikhcpw
2018-05-08 21:06 - 2018-05-12 21:45 - 000000000 ____D C:\Windows\System32\Catroot2.bak
2018-05-08 20:58 - 2018-05-08 22:24 - 000000000 ____D C:\Windows\SoftwareDistribution.bak
2018-05-08 20:22 - 2018-05-08 20:22 - 000000000 ____D C:\Users\BEBOP\AppData\Local\ranbuet
2018-05-08 20:18 - 2018-05-08 20:18 - 000030888 _____ (Microsoft Corporation) C:\Windows\System32\aspnet_counters.dll
2018-05-08 20:18 - 2018-05-08 20:18 - 000029352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2018-05-08 20:17 - 2018-05-08 20:17 - 000019088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2018-05-08 20:17 - 2018-05-08 20:17 - 000019088 _____ (Microsoft Corporation) C:\Windows\System32\msvcr100_clr0400.dll
2018-05-08 20:15 - 2018-05-08 20:15 - 000000000 ____D C:\Program Files (x86)\Alienware Update
2018-05-08 20:05 - 2018-05-08 20:05 - 000000000 ____D C:\Users\BEBOP\AppData\Local\avngext
2018-05-08 12:55 - 2018-05-08 12:55 - 000000000 ____D C:\Users\BEBOP\AppData\Local\dtcbplz
2018-05-07 21:06 - 2018-04-27 18:04 - 001990584 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6439731.dll
2018-05-07 21:06 - 2018-04-27 18:04 - 001467992 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6439731.dll
2018-05-07 21:06 - 2018-04-24 11:33 - 000046064 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2018-05-02 07:55 - 2018-05-02 07:55 - 000000000 ____D C:\Users\BEBOP\AppData\Local\wmmsdzo
2018-05-01 08:13 - 2018-05-01 08:13 - 000000000 ____D C:\Users\BEBOP\AppData\Local\nvhagxt
2018-04-30 14:56 - 2018-04-30 14:56 - 000000000 ____D C:\Users\BEBOP\AppData\Local\wenkxut
2018-04-29 13:55 - 2018-04-29 13:55 - 000000000 ____D C:\Users\BEBOP\AppData\Local\weramlp
2018-04-29 06:26 - 2018-04-29 06:26 - 000000000 ____D C:\Users\BEBOP\AppData\Local\pchaodk
2018-04-28 22:30 - 2018-05-12 23:23 - 000000000 ____D C:\Program Files (x86)\NordVPN
2018-04-28 15:32 - 2018-04-28 15:32 - 000000000 ____D C:\Users\BEBOP\AppData\Local\svolmur
2018-04-28 02:46 - 2018-04-28 02:46 - 000000000 ____D C:\Users\BEBOP\AppData\Local\pseozkc
2018-04-27 22:26 - 2018-04-27 22:26 - 000000000 ____D C:\Users\BEBOP\AppData\Local\scmuwgh
2018-04-27 21:54 - 2018-04-27 21:54 - 000000000 ____D C:\Users\BEBOP\AppData\Local\snswdkx
2018-04-27 21:50 - 2018-05-12 23:21 - 000000000 ____D C:\Users\BEBOP\AppData\Local\SaferVPN
2018-04-27 21:50 - 2016-04-21 01:10 - 000027136 _____ (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys
2018-04-27 20:56 - 2018-04-27 20:56 - 000000000 ____D C:\Users\BEBOP\AppData\Local\iaknmcb
2018-04-27 20:49 - 2018-04-27 20:49 - 000000000 ____D C:\Users\BEBOP\AppData\Local\nicbzdt
2018-04-27 20:36 - 2018-04-27 20:36 - 000000000 ____D C:\ProgramData\NordVpn
2018-04-27 20:36 - 2018-04-27 20:36 - 000000000 ____D C:\ProgramData\Caphyon
2018-04-27 20:35 - 2018-04-27 20:36 - 000000000 ____D C:\Users\BEBOP\AppData\Local\NordVPN
2018-04-27 20:34 - 2018-05-02 07:59 - 000000000 ____D C:\Users\BEBOP\AppData\Roaming\NordVPN
2018-04-27 20:34 - 2018-04-27 20:34 - 000000000 ____D C:\Program Files\TAP-NordVPN
2018-04-26 23:33 - 2018-04-26 23:33 - 000000000 ____D C:\Users\BEBOP\AppData\Local\sbimknz
2018-04-26 17:32 - 2018-04-26 17:32 - 000000000 ____D C:\Users\BEBOP\AppData\Local\wecodbi
2018-04-25 18:27 - 2018-04-25 18:27 - 000000000 ____D C:\Users\BEBOP\AppData\Local\psbkgal
2018-04-25 16:27 - 2018-04-25 16:27 - 000000000 ____D C:\Users\BEBOP\AppData\Local\sceknbg
2018-04-25 03:25 - 2018-04-25 03:25 - 000000000 ____D C:\Users\BEBOP\AppData\Local\sprkxdc
2018-04-24 15:01 - 2018-04-24 15:01 - 000000000 ____D C:\Users\BEBOP\AppData\Local\svnlzoi
2018-04-23 16:59 - 2018-04-23 16:59 - 000000000 ____D C:\Users\BEBOP\AppData\Local\csakdrt
2018-04-22 17:57 - 2018-04-22 17:57 - 000000000 ____D C:\Users\BEBOP\AppData\Local\pwexvrg
2018-04-22 17:54 - 2018-04-22 17:54 - 000000000 ____D C:\Users\BEBOP\AppData\Local\cwaving
2018-04-22 17:39 - 2018-04-22 17:39 - 000000000 ____D C:\Users\BEBOP\AppData\Local\niakzpl
2018-04-21 21:06 - 2018-04-21 21:06 - 000000000 ____D C:\Users\BEBOP\AppData\Local\csdokxr
2018-04-21 09:19 - 2018-04-21 09:19 - 000000000 ____D C:\Users\BEBOP\AppData\Local\zaebltv
2018-04-20 16:17 - 2018-04-20 16:17 - 000000000 ____D C:\Users\BEBOP\AppData\Local\siaxcrd
2018-04-20 12:01 - 2018-04-20 12:01 - 000000000 ____D C:\Users\BEBOP\AppData\Local\cwhnutb
2018-04-19 19:04 - 2018-05-12 23:35 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-04-19 19:04 - 2018-05-12 23:35 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-04-19 19:03 - 2018-05-08 20:16 - 000000000 ____D C:\Users\BEBOP\AppData\Local\Deployment
2018-04-19 18:58 - 2018-04-19 18:58 - 000000000 ____D C:\Users\BEBOP\AppData\Local\msnkuat
2018-04-19 18:57 - 2018-05-14 02:26 - 000004148 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8864AFCE-56FE-4153-9B0C-07D6B653AB2C}
2018-04-19 18:48 - 2018-04-19 18:48 - 000000000 ____D C:\Users\BEBOP\AppData\Local\rahdleg
2018-04-19 18:33 - 2018-04-19 18:33 - 000000000 ____D C:\Program Files\EaseUS
2018-04-19 18:24 - 2018-04-19 18:24 - 000000000 ____D C:\Users\BEBOP\AppData\Local\spmoewc
2018-04-19 18:19 - 2018-04-19 18:19 - 000072816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\yvgzwbiu.sys
2018-04-19 18:08 - 2018-05-15 02:13 - 000000000 ____D C:\Users\BEBOP\AppData\Local\wmcagent
2018-04-19 18:08 - 2018-04-21 02:28 - 000000000 ____D C:\Users\BEBOP\AppData\Local\csiobtv
2018-04-19 18:05 - 2018-05-15 02:13 - 000000000 ____D C:\Users\BEBOP\AppData\Local\exibsud
2018-04-19 18:05 - 2018-04-19 18:05 - 000000000 ____D C:\Users\BEBOP\AppData\Local\cosxhun
2018-04-19 18:04 - 2018-05-14 02:36 - 002888704 _____ C:\Windows\System32\snelowksvc.exe
2018-04-19 18:04 - 2018-05-08 21:09 - 000000000 ____D C:\Program Files (x86)\muting
2018-04-19 18:04 - 2018-04-19 18:04 - 000000012 _____ C:\Windows\b20769684
2018-04-19 18:04 - 2018-04-19 18:04 - 000000000 ____D C:\Windows\SysWOW64\dsmxcol
2018-04-19 18:04 - 2018-04-19 18:04 - 000000000 ____D C:\Windows\System32\dsmxcol
2018-04-19 18:03 - 2018-04-19 18:03 - 000000000 ____D C:\Users\BEBOP\AppData\Roaming\et
2018-04-19 01:27 - 2018-04-19 01:27 - 002211328 _____ C:\Windows\060f4e2c34031fa5f5020a7fab20e0cb.exe
2018-04-19 01:27 - 2018-04-19 01:27 - 000039553 _____ C:\Windows\uninstaller.dat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-14 22:06 - 2017-05-23 10:00 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-14 22:06 - 2016-12-26 11:21 - 000000000 ____D C:\Users\BEBOP\AppData\Local\ClassicShell
2018-05-14 22:00 - 2015-12-01 22:37 - 000000000 ____D C:\Users\BEBOP\AppData\Local\Adobe
2018-05-14 19:13 - 2015-12-14 23:58 - 000000000 ____D C:\Users\BEBOP\AppData\Roaming\MPC-HC
2018-05-14 19:11 - 2018-01-11 23:26 - 000000000 ____D C:\Windows\System32\SleepStudy
2018-05-14 12:38 - 2015-11-29 15:18 - 000000000 ____D C:\Program Files (x86)\Steam
2018-05-14 10:25 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-05-14 10:24 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-14 10:24 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\AppReadiness
2018-05-14 10:07 - 2018-01-11 23:43 - 002310388 _____ C:\Windows\System32\PerfStringBackup.INI
2018-05-14 10:05 - 2017-02-14 18:58 - 000000000 ____D C:\Users\BEBOP\AppData\Local\Overwolf
2018-05-14 02:38 - 2018-01-11 22:41 - 000000000 ___DC C:\Windows\Panther
2018-05-14 02:36 - 2018-01-11 23:37 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-14 02:36 - 2017-09-29 05:44 - 000000000 ____D C:\Windows\INF
2018-05-14 02:36 - 2017-09-29 00:45 - 018874368 _____ C:\Windows\System32\config\HARDWARE
2018-05-14 02:36 - 2017-09-29 00:45 - 001048576 _____ C:\Windows\System32\config\BBI
2018-05-14 02:29 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\NDF
2018-05-14 01:58 - 2015-12-13 21:42 - 000000000 ____D C:\Users\BEBOP\AppData\Local\CrashDumps
2018-05-13 22:14 - 2016-02-03 09:47 - 000400320 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtsPStor.sys
2018-05-13 22:14 - 2015-12-15 14:59 - 000000000 ____D C:\Windows\SysWOW64\sda
2018-05-13 21:50 - 2016-01-09 08:25 - 000000000 ___RD C:\Users\BEBOP\Desktop\desktop ****
2018-05-13 06:43 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\rescache
2018-05-13 03:39 - 2017-09-29 05:37 - 000000000 ____D C:\Windows\CbsTemp
2018-05-13 03:35 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\AppLocker
2018-05-12 23:21 - 2016-01-19 22:18 - 000000000 ____D C:\ProgramData\Skype
2018-05-12 06:15 - 2018-01-11 23:32 - 000000000 ____D C:\users\BEBOP
2018-05-11 20:13 - 2015-12-14 00:56 - 000000000 ____D C:\Program Files\Adobe
2018-05-11 20:13 - 2015-12-14 00:55 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-05-11 20:11 - 2016-12-16 18:37 - 000000000 ____D C:\Users\BEBOP\AppData\Roaming\foobar2000
2018-05-10 12:18 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\LiveKernelReports
2018-05-10 02:02 - 2018-03-12 01:59 - 000000000 ____D C:\Windows\Minidump
2018-05-10 02:02 - 2016-12-31 21:35 - 000000000 ____D C:\Users\BEBOP\AppData\Roaming\Azureus
2018-05-10 01:44 - 2017-09-29 05:46 - 000000000 ___RD C:\Windows\PrintDialog
2018-05-10 01:36 - 2015-11-29 15:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-10 01:13 - 2015-11-29 17:31 - 000000000 ___HD C:\Windows\System32\GroupPolicy
2018-05-09 23:14 - 2017-05-23 10:00 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-05-09 23:13 - 2016-03-07 14:13 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-05-09 23:10 - 2015-12-14 01:01 - 000000881 _____ C:\Windows\System32\Drivers\etc\hosts.txt
2018-05-09 23:05 - 2017-02-14 18:58 - 000000000 ____D C:\Program Files (x86)\Overwolf
2018-05-08 22:02 - 2016-03-29 15:00 - 000000000 ____D C:\Users\BEBOP\AppData\Roaming\TS3Client
2018-05-08 21:55 - 2015-12-12 00:26 - 000000000 ____D C:\Program Files\CCleaner
2018-05-08 21:09 - 2016-08-17 13:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-05-08 20:56 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\Catroot2.old
2018-05-08 20:49 - 2017-09-29 05:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-08 20:26 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-05-08 20:21 - 2015-12-15 14:59 - 000000000 ____D C:\ProgramData\dell
2018-05-08 13:20 - 2018-03-28 17:18 - 004814040 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2018-05-08 13:20 - 2018-03-28 17:18 - 004089240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-05-07 21:09 - 2016-01-13 04:44 - 000000000 ____D C:\Users\BEBOP\AppData\Local\NVIDIA
2018-05-07 15:06 - 2016-02-22 06:46 - 000000000 ____D C:\Users\BEBOP\AppData\Roaming\discord
2018-05-07 15:06 - 2016-02-22 06:46 - 000000000 ____D C:\Users\BEBOP\AppData\Local\Discord
2018-05-07 13:04 - 2018-03-28 17:18 - 000058816 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvhci.sys
2018-05-07 13:04 - 2018-03-28 17:18 - 000044277 _____ C:\Windows\System32\nvinfo.pb
2018-05-07 11:16 - 2018-03-28 17:22 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-05-07 11:15 - 2018-03-28 17:22 - 005947976 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2018-05-07 11:15 - 2018-03-28 17:22 - 002612520 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2018-05-07 11:15 - 2018-03-28 17:22 - 001767552 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2018-05-07 11:15 - 2018-03-28 17:22 - 000634952 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2018-05-07 11:15 - 2018-03-28 17:22 - 000450856 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2018-05-07 11:15 - 2018-03-28 17:22 - 000124384 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2018-05-07 11:15 - 2018-03-28 17:22 - 000083240 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2018-05-02 09:32 - 2017-09-29 05:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-02 08:09 - 2015-11-29 15:35 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-05-01 13:25 - 2017-09-29 05:49 - 000835064 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-05-01 13:25 - 2017-09-29 05:49 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-01 08:15 - 2018-01-11 23:37 - 000003354 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3428963390-2178166571-3703012988-1001
2018-05-01 08:15 - 2015-11-29 15:04 - 000000000 ___RD C:\Users\BEBOP\OneDrive
2018-04-27 18:06 - 2018-01-11 23:28 - 000552480 _____ (Khronos Group) C:\Windows\System32\OpenCL.dll
2018-04-27 18:06 - 2018-01-11 23:28 - 000457144 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2018-04-25 16:30 - 2018-02-15 23:16 - 000000000 ____D C:\Windows\System32\Drivers\wd
2018-04-25 09:36 - 2016-01-02 19:13 - 000000000 ____D C:\Users\BEBOP\AppData\Local\NVIDIA Corporation
2018-04-24 22:18 - 2018-03-28 17:22 - 008173402 _____ C:\Windows\System32\nvcoproc.bin
2018-04-24 11:33 - 2018-03-28 17:18 - 001688104 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2018-04-24 11:33 - 2018-03-28 17:18 - 000226280 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2018-04-17 18:04 - 2016-01-06 01:53 - 000000000 ____D C:\Program Files (x86)\Java
2018-04-17 18:03 - 2017-04-04 11:49 - 000098760 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 8115.02 MB
Available physical RAM: 7160.21 MB
Total Virtual: 8115.02 MB
Available Virtual: 7215.49 MB

==================== Drives ================================

Drive c: (Windows SSD) (Fixed) (Total:73.63 GB) (Free:3.72 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.17 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (ESD-USB) (Removable) (Total:14.96 GB) (Free:11.49 GB) FAT32
Drive g: (Storage SSD) (Fixed) (Total:111.3 GB) (Free:4.73 GB) NTFS
Drive I: () (Fixed) (Total:0.8 GB) (Free:0.33 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
Drive y: (Storage HDD) (Fixed) (Total:931.51 GB) (Free:80.48 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C8942241)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 928312E0)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 74.5 GB) (Disk ID: 28BA6FC5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=73.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=823 MB) - (Type=27)

========================================================
Disk: 3 (Protective MBR) (Size: 15 GB) (Disk ID: 00000000)

Partition: GPT.

LastRegBack: 2018-05-08 01:54

==================== End of FRST.txt ============================
 
Good job :)

Restart computer normally and...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
That seemed to do the trick, but it seems that wmcagent wasn't removed.

RogueKiller Report:

RogueKiller V12.12.17.0 (x64) [May 14 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : BEBOP [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 05/15/2018 19:00:39 (Duration : 00:27:40)

¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] OverwolfBrowser.exe(13252) -- C:\Program Files (x86)\Overwolf\0.114.1.39\OverwolfBrowser.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \decriminalization_reliable -- C:\Users\BEBOP\AppData\Local\fy.exe (ovl) -> Deleted
[Suspicious.Path] \unreleased intraday bima -- C:\Users\BEBOP\AppData\Local\Adman.exe (ovl) -> Deleted

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP.Gen1|PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://search.conduit.com/?SearchSource=10&ctid=CT3059010] -> Deleted
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [chrome://extensions/] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVX-75JC3T0 +++++
--- User ---
[MBR] 305acbbf28f90c7567e263391b62a715
[BSP] a47dc1050811ddc6429701dffe447683 : Linux|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SPCC Solid State Disk +++++
--- User ---
[MBR] 43bb59ca9315202bfa1bd6f817aa35ea
[BSP] 603b6fb723faa6f6df19b5e3f07ce223 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 113971 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: LITEONIT DMT-80M6M-11 mSATA 80GB +++++
--- User ---
[MBR] 2d1e73fb0aacf12de38728aec8a1bc3f
[BSP] 0acb6d5a44cf851a3fee16020cee4623 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 75393 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 154613760 | Size: 823 MB
User = LL1 ... OK
User = LL2 ... OK

MBAM Report:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/15/18
Scan Time: 7:31 PM
Log File: 093b12b0-5898-11e8-b470-ecf4bb24499a.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.5118
License: Trial

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: MAX\BEBOP

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 348393
Threats Detected: 3
Threats Quarantined: 2
Time Elapsed: 3 min, 44 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
Trojan.Yelloader, C:\USERS\BEBOP\APPDATA\LOCAL\WMCAGENT, Quarantined, [2649], [521697],1.0.5118
Trojan.Yelloader, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\wmcagent, Removal Failed, [2649], [521697],1.0.5118

File: 1
PUP.Optional.Conduit, C:\USERS\BEBOP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [221], [454832],1.0.5118

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

AdwCleaner Results:

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-05-14.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-15-2018
# Duration: 00:00:11
# OS: Windows 10 Home
# Scanned: 40858
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by BEBOP (administrator) on MAX (16-05-2018 17:55:17)
Running from C:\Users\BEBOP\Desktop
Loaded Profiles: BEBOP (Available Profiles: BEBOP & Administrator)
Platform: Windows 10 Home Version 1709 16299.371 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(f.lux Software LLC) C:\Users\BEBOP\AppData\Local\FluxSoftware\Flux\flux.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.114.1.39\OverwolfBrowser.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.114.1.39\OverwolfBrowser.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.114.1.39\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.114.1.39\OverwolfHelper64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Dell Inc.) C:\Program Files (x86)\Alienware Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Dell Inc.) C:\Program Files (x86)\Alienware Update\DellUpTray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Azureus Software, Inc) C:\Program Files (x86)\Vuze\Azureus.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(PC-Doctor, Inc.) C:\Program Files\Alienware\SupportAssist\imstrayicon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [14056 2014-10-30] (Alienware)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [NoteBurner] => C:\Program Files (x86)\NoteBurner\VTBurnerGUI.exe [4345856 2007-12-19] (NoteBurner.COM)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2015-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3428963390-2178166571-3703012988-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-02] (Valve Corporation)
HKU\S-1-5-21-3428963390-2178166571-3703012988-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18334528 2018-04-12] (Piriform Ltd)
HKU\S-1-5-21-3428963390-2178166571-3703012988-1001\...\Run: [Discord] => C:\Users\BEBOP\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-3428963390-2178166571-3703012988-1001\...\Run: [f.lux] => C:\Users\BEBOP\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-3428963390-2178166571-3703012988-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.)
HKU\S-1-5-21-3428963390-2178166571-3703012988-1001\...\Run: [Gaijin.Net Agent] => C:\Users\BEBOP\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2116168 2018-01-30] (Gaijin Entertainment)
HKU\S-1-5-21-3428963390-2178166571-3703012988-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1208648 2018-05-15] ()
HKU\S-1-5-21-3428963390-2178166571-3703012988-1001\...\MountPoints2: F - "F:\Setup.exe"
Startup: C:\Users\BEBOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-03-18] ()
Startup: C:\Users\BEBOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\landscape.lnk [2018-04-19]
ShortcutTarget: landscape.lnk -> C:\Program Files (x86)\Rapport\Adman.exe (No File)
Startup: C:\Users\BEBOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\landscapelandscape.lnk [2018-04-19]
ShortcutTarget: landscapelandscape.lnk -> C:\Program Files (x86)\inert\fy.exe (No File)
Startup: C:\Users\BEBOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-12-15]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{717570d3-2bd1-4a90-8857-320e4151b57e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c5e082f5-da24-4eea-a6ac-61e66b5e6177}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\S-1-5-21-3428963390-2178166571-3703012988-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-17] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-17] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

FireFox:
========
FF DefaultProfile: ihax6t3x.default
FF ProfilePath: C:\Users\BEBOP\AppData\Roaming\Mozilla\Firefox\Profiles\ihax6t3x.default [2018-05-16]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-05-07] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-05-07] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.tw/RCplugin -> C:\Users\BEBOP\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-05-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-05-13] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [No File]
FF Plugin HKU\S-1-5-21-3428963390-2178166571-3703012988-1001: jpl.nasa.gov/NASAEyes -> C:\Users\BEBOP\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2017-08-11] (Jet Propulsion Laboratory)

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?SearchSource=10&ctid=CT3059010
CHR StartupUrls: Default -> "chrome://extensions/"
CHR Profile: C:\Users\BEBOP\AppData\Local\Google\Chrome\User Data\Default [2018-05-16]
CHR Extension: (Slides) - C:\Users\BEBOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-13]
CHR Extension: (Docs) - C:\Users\BEBOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-13]
CHR Extension: (Google Drive) - C:\Users\BEBOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-13]
CHR Extension: (YouTube) - C:\Users\BEBOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-13]
CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\BEBOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2018-05-13]
CHR Extension: (HP Print for Chrome) - C:\Users\BEBOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjanmonomjogheabiocdamfpknlpdehm [2018-05-13]
CHR Extension: (uBlock Origin) - C:\Users\BEBOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-05-13]
CHR Extension: (Sheets) - C:\Users\BEBOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-13]
CHR Extension: (HTTPS Everywhere) - C:\Users\BEBOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2018-05-13]
CHR Extension: (Google Docs Offline) - C:\Users\BEBOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-13]
CHR Extension: (Save to Google Drive) - C:\Users\BEBOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2018-05-13]
CHR Extension: (View Image) - C:\Users\BEBOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpcmhcelnjdmblfmjabdeclccemkghjk [2018-05-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\BEBOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2018-05-15]
CHR Extension: (Wicked Good Unarchiver) - C:\Users\BEBOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mljpablpddhocfbnokacjggdbmafjnon [2018-05-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BEBOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-13]
CHR Extension: (Personal Blocklist (by Google)) - C:\Users\BEBOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2018-05-13]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\BEBOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2018-05-13]
CHR Extension: (Gmail) - C:\Users\BEBOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-13]
CHR Extension: (Chrome Media Router) - C:\Users\BEBOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6076936 2018-05-08] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
R2 DellUpdate; C:\Program Files (x86)\Alienware Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-18] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-23] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1966408 2018-05-15] (Overwolf LTD)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-24] (Synaptics Incorporated)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe [417792 2016-07-12] (Wondershare) [File not signed]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [103736 2015-09-22] (Wondershare)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-11-10] (OSR Open Systems Resources, Inc.)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
R0 EMSC; C:\WINDOWS\System32\drivers\EMSC.SYS [17720 2012-07-10] ()
R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [15160 2012-07-10] ()
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-05-15] (Malwarebytes)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [27552 2016-01-03] (REALiX(tm))
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-09-29] (Qualcomm Atheros, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-05-15] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-05-16] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-05-16] (Malwarebytes)
R1 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253664 2018-05-10] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103648 2018-05-16] (Malwarebytes)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (Visicom Media Inc.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-18] (Intel Corporation)
S3 ntcdrdrv; C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys [25680 2011-01-06] (NoteBurn Software)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_5a184893dfb38fc1\nvlddmkm.sys [17168744 2018-05-08] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2018-03-23] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-05-07] (NVIDIA Corporation)
S3 RAZERSEIREN; C:\WINDOWS\system32\DRIVERS\SEIREN.sys [3806920 2015-11-29] (Razer Inc.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [865216 2018-05-14] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [424384 2018-05-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72288 2017-02-24] (Synaptics Incorporated)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [84432 2017-03-27] (The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-04-25] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313888 2018-04-25] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-04-25] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S4 pbicvmra; System32\drivers\exhzbkgv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-16 02:12 - 2018-05-16 16:11 - 000000000 ____D C:\Users\BEBOP\AppData\Local\NFS Underground 2
2018-05-16 02:12 - 2018-05-16 02:12 - 000000804 _____ C:\Users\BEBOP\Desktop\Need for Speed Underground 2.lnk
2018-05-16 02:12 - 2018-05-16 02:12 - 000000804 _____ C:\Users\BEBOP\AppData\Roaming\Microsoft\Windows\Start Menu\Need for Speed Underground 2.lnk
2018-05-16 02:12 - 2018-05-16 02:12 - 000000000 ____D C:\Users\BEBOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2018-05-16 02:04 - 2018-05-16 02:04 - 000000000 ____D C:\Users\BEBOP\Documents\Vuze Downloads
2018-05-15 22:39 - 2018-05-15 22:40 - 000000000 ____D C:\WINDOWS\HP
2018-05-15 22:39 - 2018-05-15 22:39 - 000000000 ____D C:\swsetup
2018-05-15 22:27 - 2018-05-16 15:03 - 000103648 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-05-15 22:25 - 2018-05-15 22:25 - 000000000 ____D C:\Users\BEBOP\AppData\Local\vsohigz
2018-05-15 22:00 - 2018-05-15 22:14 - 000000000 ____D C:\Users\BEBOP\Desktop\New folder (2)
2018-05-15 19:37 - 2018-05-15 19:37 - 000000000 ____D C:\Users\BEBOP\AppData\Local\lmmweta
2018-05-15 19:01 - 2018-05-15 19:01 - 000000000 ____D C:\Users\BEBOP\AppData\Local\scslkur
2018-05-15 15:18 - 2018-05-04 05:37 - 000278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Notifier.exe
2018-05-15 15:14 - 2018-05-15 15:14 - 000000000 ____D C:\Users\BEBOP\AppData\Local\exmwtlz
2018-05-15 06:04 - 2018-05-15 06:04 - 000003900 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2018-05-15 05:21 - 2018-05-16 15:08 - 000003614 _____ C:\WINDOWS\System32\Tasks\Pcd.DriverScan.VKP80
2018-05-15 05:21 - 2018-05-15 05:21 - 000000000 ____D C:\ProgramData\PC-Doctor, Inc
2018-05-15 05:05 - 2018-05-15 05:05 - 000004128 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2018-05-15 05:05 - 2018-05-15 05:05 - 000003580 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2018-05-15 05:05 - 2018-05-15 05:05 - 000003404 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2018-05-15 05:05 - 2018-05-15 05:05 - 000003286 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2018-05-15 05:05 - 2018-05-15 05:05 - 000000000 ____D C:\ProgramData\PC-Doctor for Windows
2018-05-15 05:04 - 2018-05-15 05:04 - 002219736 _____ (Dell Inc) C:\Users\BEBOP\Downloads\aulauncher.exe
2018-05-15 04:32 - 2018-05-15 22:24 - 000092227 _____ C:\WINDOWS\system32\battery-report.html
2018-05-15 04:14 - 2018-05-15 04:14 - 011314776 _____ (Igor Pavlov) C:\Users\BEBOP\Downloads\VAS10A13.exe
2018-05-15 04:13 - 2018-05-15 04:13 - 000000000 ____D C:\Users\BEBOP\AppData\LocalLow\Intel
2018-05-15 04:03 - 2018-05-15 06:03 - 000000000 ____D C:\Program Files\Dell
2018-05-15 04:03 - 2018-05-15 04:03 - 000398288 _____ (Oleg N. Scherbakov) C:\Users\BEBOP\Downloads\SupportAssistLauncher.exe
2018-05-15 04:03 - 2018-05-15 04:03 - 000000000 ____D C:\ProgramData\SupportAssist
2018-05-15 04:03 - 2018-05-15 04:03 - 000000000 ____D C:\ProgramData\Dell Inc
2018-05-15 03:42 - 2018-05-15 03:42 - 000000000 ____D C:\Users\BEBOP\AppData\Local\scemkor
2018-05-15 03:41 - 2018-05-16 01:48 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-05-15 03:41 - 2018-05-16 01:48 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-05-15 03:41 - 2018-05-15 22:29 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-05-15 03:37 - 2018-05-15 03:37 - 000000000 ____D C:\Users\BEBOP\AppData\Local\nvhaxou
2018-05-15 02:55 - 2018-05-15 02:55 - 000000000 ____D C:\Users\BEBOP\AppData\Local\sidczat
2018-05-15 02:40 - 2018-05-15 02:40 - 000000000 ____D C:\Users\BEBOP\AppData\Local\mbsdoap
2018-05-15 02:34 - 2018-05-15 02:34 - 000000000 ____D C:\Users\BEBOP\AppData\Local\secudbx
2018-05-15 02:26 - 2018-05-15 02:26 - 000000000 ____D C:\Users\BEBOP\AppData\Local\vdswgma
2018-05-15 02:18 - 2018-05-15 02:18 - 000000000 ____D C:\Users\BEBOP\AppData\Local\upazrdt
2018-05-14 16:13 - 2018-05-14 16:13 - 001828618 _____ C:\Users\BEBOP\Downloads\mlb tickets 1.pdf
2018-05-14 16:13 - 2018-05-14 16:13 - 001565513 _____ C:\Users\BEBOP\Downloads\mlb tickets 2.pdf
2018-05-14 06:38 - 2018-05-14 06:38 - 000000000 ____D C:\Users\BEBOP\AppData\Local\exmtgks
2018-05-14 02:20 - 2018-05-14 02:20 - 000000000 ____D C:\Users\BEBOP\AppData\Local\cgrszdp
2018-05-14 02:17 - 2018-05-14 02:18 - 000000021 _____ C:\Users\BEBOP\Desktop\info tax.txt
2018-05-14 02:17 - 2018-05-14 02:17 - 000000000 ____D C:\Users\BEBOP\Desktop\New folder
2018-05-14 02:14 - 2018-05-14 02:14 - 018151984 _____ C:\Users\BEBOP\Downloads\0007-RtsXStor_10.0.370.188.zip
2018-05-14 02:14 - 2018-05-14 02:14 - 009891328 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2018-05-14 02:14 - 2018-05-14 02:14 - 000865216 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsPer.sys
2018-05-14 02:14 - 2018-05-14 02:14 - 000424384 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2018-05-14 02:14 - 2018-05-14 02:14 - 000338880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsBaStor.sys
2018-05-14 02:14 - 2018-05-14 02:14 - 000329664 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsP2Stor.sys
2018-05-14 02:14 - 2018-05-14 02:14 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-05-13 23:47 - 2018-05-13 23:47 - 000013649 _____ C:\Users\BEBOP\Downloads\2017-taxdocuments-x9121-.pdf
2018-05-13 23:13 - 2018-05-13 23:13 - 000379392 _____ C:\Users\BEBOP\Downloads\subinacl.msi
2018-05-13 07:33 - 2018-05-13 07:33 - 000007500 _____ C:\Users\BEBOP\Downloads\ResetWUEng.zip
2018-05-13 07:33 - 2018-05-13 07:33 - 000000000 ____D C:\Users\BEBOP\Desktop\Reset Windows Update Tool
2018-05-13 03:37 - 2018-05-13 03:37 - 000000000 ____D C:\Users\BEBOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2018-05-13 03:35 - 2018-05-13 03:38 - 000000000 ____D C:\Users\BEBOP\AppData\Local\Google
2018-05-13 03:35 - 2018-05-13 03:35 - 000002388 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-13 03:35 - 2018-05-13 03:35 - 000002347 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-13 03:35 - 2018-05-13 03:35 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-13 03:11 - 2018-05-13 03:11 - 000053006 _____ C:\Users\BEBOP\Desktop\Addition.txt
2018-05-13 03:10 - 2018-05-16 17:55 - 002413056 _____ (Farbar) C:\Users\BEBOP\Desktop\FRST64.exe
2018-05-13 03:10 - 2018-05-16 17:55 - 000025285 _____ C:\Users\BEBOP\Desktop\FRST.txt
2018-05-13 03:10 - 2018-05-16 17:55 - 000000000 ____D C:\Users\BEBOP\Desktop\FRST-OlderVersion
2018-05-13 02:58 - 2018-05-13 02:58 - 000000000 ____D C:\Users\BEBOP\AppData\LocalLow\Temp
2018-05-13 02:45 - 2018-05-13 02:45 - 000000000 ____D C:\Users\BEBOP\AppData\Local\dwskmpc
2018-05-13 02:42 - 2018-05-13 02:42 - 000000000 ____D C:\Users\BEBOP\AppData\Local\svrxedn
2018-05-13 02:39 - 2018-05-13 02:39 - 000000000 ____D C:\Users\BEBOP\AppData\Local\remlagx
2018-05-13 02:36 - 2018-05-13 02:37 - 000000000 ____D C:\AdwCleaner
2018-05-13 01:47 - 2018-05-13 01:47 - 000000000 ____D C:\Users\BEBOP\AppData\Local\cwstzpb
2018-05-12 23:31 - 2018-05-12 23:31 - 000000000 ____D C:\Users\BEBOP\AppData\Local\dtanwhx
2018-05-12 10:17 - 2018-05-12 10:17 - 000000000 ____D C:\Users\BEBOP\AppData\Local\wdebstm
2018-05-12 00:23 - 2018-05-12 00:23 - 000000000 ___HD C:\$Windows.~WS
2018-05-12 00:23 - 2018-05-12 00:23 - 000000000 ____D C:\$WINDOWS.~BT
2018-05-12 00:17 - 2018-05-12 00:30 - 000000000 ____D C:\ESD
2018-05-12 00:16 - 2018-05-12 00:16 - 000000000 ____D C:\Users\BEBOP\AppData\Local\usnarme
2018-05-10 22:40 - 2018-05-10 22:40 - 000000000 ____D C:\Users\BEBOP\AppData\Local\nvckbdw
2018-05-10 06:08 - 2018-05-10 06:08 - 000000000 ____D C:\Users\BEBOP\AppData\Local\dsilbcn
2018-05-10 05:54 - 2018-05-10 06:11 - 000000742 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2018-05-10 05:54 - 2018-05-10 05:54 - 000000000 ____D C:\Windows10Upgrade
2018-05-10 05:48 - 2018-05-16 02:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\wmcagent
2018-05-10 05:48 - 2018-05-10 05:48 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
2018-05-10 05:48 - 2018-05-10 05:48 - 000000000 ____D C:\Users\Administrator\AppData\Local\avbezis
2018-05-10 05:45 - 2018-05-15 06:13 - 000000000 ____D C:\Users\Administrator\AppData\Local\avoxrdt
2018-05-10 05:45 - 2018-05-10 05:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\svhxciz
2018-05-10 05:44 - 2018-05-10 05:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms
2018-05-10 05:37 - 2018-05-14 14:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\ClassicShell
2018-05-10 05:37 - 2018-05-10 05:37 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3428963390-2178166571-3703012988-500
2018-05-10 05:37 - 2018-05-10 05:37 - 000002398 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-10 05:37 - 2018-05-10 05:37 - 000000000 ___RD C:\Users\Administrator\OneDrive
2018-05-10 05:37 - 2018-05-10 05:37 - 000000000 ____D C:\Users\Administrator\Documents\Alienware TactX
2018-05-10 05:37 - 2018-05-10 05:37 - 000000000 ____D C:\Users\Administrator\Documents\AlienFX
2018-05-10 05:37 - 2018-05-10 05:37 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell
2018-05-10 05:36 - 2018-05-15 02:37 - 000000000 ____D C:\Users\Administrator
2018-05-10 05:36 - 2018-05-14 06:38 - 000002343 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2018-05-10 05:36 - 2018-05-10 05:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2018-05-10 05:36 - 2018-05-10 05:38 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2018-05-10 05:36 - 2018-05-10 05:36 - 000000000 ___RD C:\Users\Administrator\3D Objects
2018-05-10 05:36 - 2018-05-10 05:36 - 000000000 ___HD C:\Users\Administrator\MicrosoftEdgeBackups
2018-05-10 05:36 - 2018-05-10 05:36 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2018-05-10 05:36 - 2018-05-10 05:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2018-05-10 05:36 - 2018-05-10 05:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2018-05-10 05:36 - 2018-05-10 05:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\MicrosoftEdge
2018-05-10 05:36 - 2018-05-10 05:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2018-05-10 05:36 - 2018-05-10 05:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2018-05-10 05:36 - 2018-05-10 05:36 - 000000000 ____D C:\Users\Administrator\ansel
2018-05-10 05:24 - 2018-05-10 05:24 - 000000000 ____D C:\Users\BEBOP\AppData\Local\dwaezhv
2018-05-10 05:16 - 2018-05-10 05:16 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-10 04:44 - 2018-05-15 19:00 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-05-10 04:43 - 2018-05-15 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-05-10 04:43 - 2018-05-15 18:51 - 000000000 ____D C:\Program Files\RogueKiller
2018-05-10 04:43 - 2018-05-10 05:16 - 000000000 ____D C:\ProgramData\RogueKiller
2018-05-10 04:42 - 2018-05-10 04:42 - 000000000 ____D C:\Users\BEBOP\AppData\Local\rtsehwb
2018-05-10 04:39 - 2018-05-10 04:39 - 000000000 ____D C:\Users\BEBOP\AppData\Local\cwilpsd
2018-05-10 04:25 - 2018-05-10 04:25 - 000000000 ____D C:\Users\BEBOP\AppData\Local\dsolcbr
2018-05-10 04:22 - 2018-05-10 04:22 - 000000000 ____D C:\Users\BEBOP\AppData\Local\spstwbn
2018-05-10 04:17 - 2018-05-16 17:55 - 000000000 ____D C:\FRST
2018-05-10 04:17 - 2018-05-10 04:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-10 04:13 - 2018-05-10 04:13 - 000000000 ____D C:\Users\BEBOP\AppData\Local\sndizuo
2018-05-10 04:12 - 2018-05-10 04:12 - 000250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\15003B69.sys
2018-05-10 04:08 - 2018-05-10 04:08 - 000000000 ____D C:\Users\BEBOP\AppData\Local\csdzvpo
2018-05-10 04:07 - 2018-05-10 04:07 - 000250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2D0337C3.sys
2018-05-10 03:37 - 2018-05-10 03:37 - 000000000 ____D C:\Users\BEBOP\AppData\Local\sckngdv
2018-05-10 03:31 - 2018-05-10 03:31 - 000250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3B391C50.sys
2018-05-10 03:30 - 2018-05-10 03:30 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-10 03:29 - 2018-05-10 04:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-10 03:23 - 2018-05-10 03:23 - 000000000 ____D C:\Users\BEBOP\AppData\Local\sihkwgm
2018-05-10 03:13 - 2018-05-07 15:26 - 000132488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-05-10 03:12 - 2018-05-15 22:29 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-10 03:09 - 2018-05-08 17:22 - 001990688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439764.dll
2018-05-10 03:09 - 2018-05-08 17:22 - 001561504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-05-10 03:09 - 2018-05-08 17:22 - 001467992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439764.dll
2018-05-10 03:09 - 2018-05-08 17:22 - 001417816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-05-10 03:09 - 2018-05-08 17:22 - 001215576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-05-10 03:09 - 2018-05-08 17:22 - 001091432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-05-10 03:09 - 2018-05-08 17:22 - 000749928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-05-10 03:09 - 2018-05-08 17:22 - 000626776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-05-10 03:09 - 2018-05-08 17:22 - 000608704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-05-10 03:09 - 2018-05-08 17:22 - 000517888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-05-10 03:09 - 2018-05-08 17:21 - 040346984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-05-10 03:09 - 2018-05-08 17:21 - 035250776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-05-10 03:09 - 2018-05-08 17:21 - 031273728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-05-10 03:09 - 2018-05-08 17:21 - 025987296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-05-10 03:09 - 2018-05-08 17:21 - 013725744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-05-10 03:09 - 2018-05-08 17:21 - 011271400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-05-10 03:09 - 2018-05-08 17:21 - 004347832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-05-10 03:09 - 2018-05-08 17:21 - 003758496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-05-10 03:09 - 2018-05-08 17:21 - 001349712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-05-10 03:09 - 2018-05-08 17:21 - 001157392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-05-10 03:09 - 2018-05-08 17:21 - 001064424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-05-10 03:09 - 2018-05-08 17:21 - 000904720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-05-10 03:09 - 2018-05-08 17:21 - 000813912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-05-10 03:09 - 2018-05-08 17:21 - 000652344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-05-10 03:09 - 2018-05-08 17:20 - 017779440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-05-10 03:09 - 2018-05-08 17:20 - 015191088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-05-10 03:00 - 2018-05-10 03:00 - 000000000 ____D C:\Users\BEBOP\AppData\Local\upkdhgc
2018-05-09 03:01 - 2018-05-09 03:01 - 000000000 ____D C:\Users\BEBOP\AppData\Local\wdcusbv
2018-05-09 01:55 - 2018-05-13 02:52 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-05-09 01:19 - 2018-05-09 01:19 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\512492E1.sys
2018-05-09 01:18 - 2018-05-09 01:18 - 000000000 ____D C:\Users\BEBOP\AppData\Local\exsbcwo
2018-05-09 01:13 - 2018-05-09 01:13 - 000000000 ____D C:\Users\BEBOP\AppData\Local\sikhcpw
2018-05-09 01:06 - 2018-05-13 01:45 - 000000000 ____D C:\WINDOWS\system32\Catroot2.bak
2018-05-09 00:58 - 2018-05-09 02:24 - 000000000 ____D C:\WINDOWS\SoftwareDistribution.bak
2018-05-09 00:22 - 2018-05-09 00:22 - 000000000 ____D C:\Users\BEBOP\AppData\Local\ranbuet
2018-05-09 00:18 - 2018-05-09 00:18 - 000030888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2018-05-09 00:18 - 2018-05-09 00:18 - 000029352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2018-05-09 00:17 - 2018-05-09 00:17 - 000019088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2018-05-09 00:17 - 2018-05-09 00:17 - 000019088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2018-05-09 00:15 - 2018-05-13 02:49 - 000000000 ____D C:\Users\BEBOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2018-05-09 00:15 - 2018-05-09 00:15 - 000000000 ____D C:\Program Files (x86)\Alienware Update
2018-05-09 00:05 - 2018-05-09 00:05 - 000000000 ____D C:\Users\BEBOP\AppData\Local\avngext
2018-05-08 16:55 - 2018-05-08 16:55 - 000000000 ____D C:\Users\BEBOP\AppData\Local\dtcbplz
2018-05-08 01:06 - 2018-04-27 22:04 - 001990584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439731.dll
2018-05-08 01:06 - 2018-04-27 22:04 - 001467992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439731.dll
2018-05-08 01:06 - 2018-04-24 15:33 - 000046064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2018-05-02 11:55 - 2018-05-02 11:55 - 000000000 ____D C:\Users\BEBOP\AppData\Local\wmmsdzo
2018-05-01 12:13 - 2018-05-01 12:13 - 000000000 ____D C:\Users\BEBOP\AppData\Local\nvhagxt
2018-04-30 18:56 - 2018-04-30 18:56 - 000000000 ____D C:\Users\BEBOP\AppData\Local\wenkxut
2018-04-29 17:55 - 2018-04-29 17:55 - 000000000 ____D C:\Users\BEBOP\AppData\Local\weramlp
2018-04-29 10:26 - 2018-04-29 10:26 - 000000000 ____D C:\Users\BEBOP\AppData\Local\pchaodk
2018-04-29 02:30 - 2018-05-13 03:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2018-04-29 02:30 - 2018-05-13 03:23 - 000000000 ____D C:\Program Files (x86)\NordVPN
2018-04-28 19:32 - 2018-04-28 19:32 - 000000000 ____D C:\Users\BEBOP\AppData\Local\svolmur
2018-04-28 06:46 - 2018-04-28 06:46 - 000000000 ____D C:\Users\BEBOP\AppData\Local\pseozkc
2018-04-28 02:26 - 2018-04-28 02:26 - 000000000 ____D C:\Users\BEBOP\AppData\Local\scmuwgh
2018-04-28 01:54 - 2018-04-28 01:54 - 000000000 ____D C:\Users\BEBOP\AppData\Local\snswdkx
2018-04-28 01:50 - 2018-05-13 03:21 - 000000000 ____D C:\Users\BEBOP\AppData\Local\SaferVPN
2018-04-28 01:50 - 2016-04-21 05:10 - 000027136 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2018-04-28 00:56 - 2018-04-28 00:56 - 000000000 ____D C:\Users\BEBOP\AppData\Local\iaknmcb
2018-04-28 00:49 - 2018-04-28 00:49 - 000000000 ____D C:\Users\BEBOP\AppData\Local\nicbzdt
2018-04-28 00:36 - 2018-04-28 00:36 - 000000000 ____D C:\ProgramData\NordVpn
2018-04-28 00:36 - 2018-04-28 00:36 - 000000000 ____D C:\ProgramData\Caphyon
2018-04-28 00:35 - 2018-04-28 00:36 - 000000000 ____D C:\Users\BEBOP\AppData\Local\NordVPN
2018-04-28 00:34 - 2018-05-02 11:59 - 000000000 ____D C:\Users\BEBOP\AppData\Roaming\NordVPN
2018-04-28 00:34 - 2018-04-28 00:34 - 000000000 ____D C:\Program Files\TAP-NordVPN
2018-04-27 03:33 - 2018-04-27 03:33 - 000000000 ____D C:\Users\BEBOP\AppData\Local\sbimknz
2018-04-26 21:32 - 2018-04-26 21:32 - 000000000 ____D C:\Users\BEBOP\AppData\Local\wecodbi
2018-04-25 22:27 - 2018-04-25 22:27 - 000000000 ____D C:\Users\BEBOP\AppData\Local\psbkgal
2018-04-25 20:27 - 2018-04-25 20:27 - 000000000 ____D C:\Users\BEBOP\AppData\Local\sceknbg
2018-04-25 07:25 - 2018-04-25 07:25 - 000000000 ____D C:\Users\BEBOP\AppData\Local\sprkxdc
2018-04-24 19:01 - 2018-04-24 19:01 - 000000000 ____D C:\Users\BEBOP\AppData\Local\svnlzoi
2018-04-23 20:59 - 2018-04-23 20:59 - 000000000 ____D C:\Users\BEBOP\AppData\Local\csakdrt
2018-04-22 21:57 - 2018-04-22 21:57 - 000000000 ____D C:\Users\BEBOP\AppData\Local\pwexvrg
2018-04-22 21:54 - 2018-04-22 21:54 - 000000000 ____D C:\Users\BEBOP\AppData\Local\cwaving
2018-04-22 21:39 - 2018-04-22 21:39 - 000000000 ____D C:\Users\BEBOP\AppData\Local\niakzpl
2018-04-22 01:06 - 2018-04-22 01:06 - 000000000 ____D C:\Users\BEBOP\AppData\Local\csdokxr
2018-04-21 13:19 - 2018-04-21 13:19 - 000000000 ____D C:\Users\BEBOP\AppData\Local\zaebltv
2018-04-20 20:17 - 2018-04-20 20:17 - 000000000 ____D C:\Users\BEBOP\AppData\Local\siaxcrd
2018-04-20 16:01 - 2018-04-20 16:01 - 000000000 ____D C:\Users\BEBOP\AppData\Local\cwhnutb
2018-04-19 23:04 - 2018-05-13 03:35 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-04-19 23:04 - 2018-05-13 03:35 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-04-19 23:03 - 2018-05-09 00:16 - 000000000 ____D C:\Users\BEBOP\AppData\Local\Deployment
2018-04-19 22:58 - 2018-04-19 22:58 - 000000000 ____D C:\Users\BEBOP\AppData\Local\msnkuat
2018-04-19 22:57 - 2018-05-16 17:44 - 000004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8864AFCE-56FE-4153-9B0C-07D6B653AB2C}
2018-04-19 22:48 - 2018-04-19 22:48 - 000000000 ____D C:\Users\BEBOP\AppData\Local\rahdleg
2018-04-19 22:33 - 2018-04-19 22:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard
2018-04-19 22:33 - 2018-04-19 22:33 - 000000000 ____D C:\Program Files\EaseUS
2018-04-19 22:24 - 2018-04-19 22:24 - 000000000 ____D C:\Users\BEBOP\AppData\Local\spmoewc
2018-04-19 22:19 - 2018-04-19 22:19 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\yvgzwbiu.sys
2018-04-19 22:08 - 2018-04-21 06:28 - 000000000 ____D C:\Users\BEBOP\AppData\Local\csiobtv
2018-04-19 22:05 - 2018-05-15 02:49 - 000000000 ____D C:\Users\BEBOP\AppData\Local\exibsud
2018-04-19 22:05 - 2018-04-19 22:05 - 000000000 ____D C:\Users\BEBOP\AppData\Local\cosxhun
2018-04-19 22:04 - 2018-05-15 22:23 - 002888704 _____ C:\WINDOWS\system32\snelowksvc.exe
2018-04-19 22:04 - 2018-05-09 01:09 - 000000000 ____D C:\Program Files (x86)\muting
2018-04-19 22:04 - 2018-04-19 22:04 - 000000012 _____ C:\WINDOWS\b20769684
2018-04-19 22:04 - 2018-04-19 22:04 - 000000000 ____D C:\WINDOWS\SysWOW64\dsmxcol
2018-04-19 22:04 - 2018-04-19 22:04 - 000000000 ____D C:\WINDOWS\system32\dsmxcol
2018-04-19 22:03 - 2018-04-19 22:03 - 000000000 ____D C:\Users\BEBOP\AppData\Roaming\et
2018-04-19 05:27 - 2018-04-19 05:27 - 002211328 _____ C:\WINDOWS\060f4e2c34031fa5f5020a7fab20e0cb.exe
2018-04-19 05:27 - 2018-04-19 05:27 - 000039553 _____ C:\WINDOWS\uninstaller.dat
 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-16 17:55 - 2017-01-01 01:35 - 000000000 ____D C:\Users\BEBOP\AppData\Roaming\Azureus
2018-05-16 17:55 - 2016-12-26 15:21 - 000000000 ____D C:\Users\BEBOP\AppData\Local\ClassicShell
2018-05-16 17:54 - 2015-11-29 19:18 - 000000000 ____D C:\Program Files (x86)\Steam
2018-05-16 17:51 - 2018-01-12 03:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-16 12:25 - 2017-05-23 14:00 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-16 05:45 - 2015-11-29 21:43 - 000000000 _____ C:\Recovery.txt
2018-05-16 02:57 - 2018-01-12 02:41 - 000000000 ___DC C:\WINDOWS\Panther
2018-05-16 02:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-16 02:57 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-05-16 02:57 - 2016-03-29 19:00 - 000000000 ____D C:\Users\BEBOP\AppData\Roaming\TS3Client
2018-05-16 02:57 - 2015-12-15 03:58 - 000000000 ____D C:\Users\BEBOP\AppData\Roaming\MPC-HC
2018-05-16 02:05 - 2015-12-14 04:48 - 000001932 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2018-05-16 02:05 - 2015-12-14 04:48 - 000000000 ____D C:\Program Files (x86)\Vuze
2018-05-16 02:00 - 2015-12-02 02:37 - 000000000 ____D C:\Users\BEBOP\AppData\Local\Adobe
2018-05-16 01:54 - 2018-01-12 03:43 - 002486302 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-16 01:48 - 2018-01-12 03:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-16 01:48 - 2017-02-14 22:58 - 000000000 ____D C:\Users\BEBOP\AppData\Local\Overwolf
2018-05-16 01:14 - 2015-12-14 01:42 - 000000000 ____D C:\Users\BEBOP\AppData\Local\CrashDumps
2018-05-15 22:22 - 2018-01-12 03:32 - 000000000 ____D C:\Users\BEBOP
2018-05-15 22:21 - 2017-09-29 04:45 - 018874368 _____ C:\WINDOWS\system32\config\HARDWARE
2018-05-15 22:03 - 2016-12-16 22:37 - 000000000 ____D C:\Users\BEBOP\AppData\Roaming\foobar2000
2018-05-15 20:49 - 2017-05-25 12:06 - 000000000 ____D C:\Users\BEBOP\OSBuddy
2018-05-15 20:49 - 2016-06-22 16:26 - 000000044 _____ C:\Users\BEBOP\jagex_cl_oldschool_LIVE.dat
2018-05-15 20:23 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-05-15 20:22 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-15 20:22 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-15 19:35 - 2017-09-29 04:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-05-15 19:00 - 2017-02-14 22:58 - 000000000 ____D C:\Program Files (x86)\Overwolf
2018-05-15 16:03 - 2018-03-12 05:59 - 000000000 ____D C:\WINDOWS\Minidump
2018-05-15 15:25 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-15 15:13 - 2015-12-15 18:51 - 000000000 ____D C:\ProgramData\PCDr
2018-05-15 05:21 - 2018-01-12 03:32 - 000000000 ____D C:\Users\BEBOP\AppData\Local\Packages
2018-05-15 05:05 - 2015-12-15 18:50 - 000000000 ____D C:\Users\BEBOP\AppData\Roaming\PCDr
2018-05-15 05:05 - 2015-12-15 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alienware
2018-05-15 04:13 - 2015-12-15 18:59 - 000000000 ____D C:\Users\BEBOP\Documents\Dell Downloads
2018-05-15 02:40 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-14 02:14 - 2016-02-03 13:47 - 000400320 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsPStor.sys
2018-05-14 02:14 - 2015-12-15 18:59 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-05-14 01:50 - 2016-01-09 12:25 - 000000000 ___RD C:\Users\BEBOP\Desktop\desktop ****
2018-05-13 10:43 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\rescache
2018-05-13 07:35 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2018-05-13 03:21 - 2016-01-20 02:18 - 000000000 ____D C:\ProgramData\Skype
2018-05-12 00:13 - 2015-12-14 04:56 - 000000000 ____D C:\Program Files\Adobe
2018-05-12 00:13 - 2015-12-14 04:55 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-05-10 05:44 - 2017-09-29 09:46 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-05-10 05:36 - 2015-11-29 19:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-10 05:13 - 2015-11-29 21:31 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-05-10 03:14 - 2017-05-23 14:00 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-05-10 03:13 - 2016-03-07 18:13 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-05-10 03:10 - 2015-12-14 05:01 - 000000881 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt
2018-05-09 01:55 - 2015-12-12 04:26 - 000000000 ____D C:\Program Files\CCleaner
2018-05-09 01:09 - 2016-08-17 17:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-05-09 00:56 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Catroot2.old
2018-05-09 00:49 - 2017-09-29 09:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-09 00:26 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-05-09 00:21 - 2015-12-15 18:59 - 000000000 ____D C:\ProgramData\dell
2018-05-08 17:20 - 2018-03-28 21:18 - 004814040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-05-08 17:20 - 2018-03-28 21:18 - 004089240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-05-08 01:09 - 2016-01-13 08:44 - 000000000 ____D C:\Users\BEBOP\AppData\Local\NVIDIA
2018-05-07 19:06 - 2016-02-22 10:46 - 000000000 ____D C:\Users\BEBOP\AppData\Roaming\discord
2018-05-07 19:06 - 2016-02-22 10:46 - 000000000 ____D C:\Users\BEBOP\AppData\Local\Discord
2018-05-07 17:04 - 2018-03-28 21:18 - 000058816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-05-07 17:04 - 2018-03-28 21:18 - 000044277 _____ C:\WINDOWS\system32\nvinfo.pb
2018-05-07 15:16 - 2018-03-28 21:22 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-05-07 15:15 - 2018-03-28 21:22 - 005947976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-05-07 15:15 - 2018-03-28 21:22 - 002612520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-05-07 15:15 - 2018-03-28 21:22 - 001767552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-05-07 15:15 - 2018-03-28 21:22 - 000634952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-05-07 15:15 - 2018-03-28 21:22 - 000450856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-05-07 15:15 - 2018-03-28 21:22 - 000124384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-05-07 15:15 - 2018-03-28 21:22 - 000083240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-05-02 13:32 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-02 12:09 - 2015-11-29 19:35 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-05-01 17:25 - 2017-09-29 09:49 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-01 17:25 - 2017-09-29 09:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-01 12:15 - 2018-01-12 03:37 - 000003354 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3428963390-2178166571-3703012988-1001
2018-05-01 12:15 - 2015-11-29 19:04 - 000002378 _____ C:\Users\BEBOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-01 12:15 - 2015-11-29 19:04 - 000000000 ___RD C:\Users\BEBOP\OneDrive
2018-04-27 22:06 - 2018-01-12 03:28 - 000552480 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2018-04-27 22:06 - 2018-01-12 03:28 - 000457144 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2018-04-25 20:30 - 2018-02-16 03:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-04-25 13:36 - 2016-01-02 23:13 - 000000000 ____D C:\Users\BEBOP\AppData\Local\NVIDIA Corporation
2018-04-25 02:18 - 2018-03-28 21:22 - 008173402 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-04-24 15:33 - 2018-03-28 21:18 - 001688104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2018-04-24 15:33 - 2018-03-28 21:18 - 000226280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2018-04-17 22:04 - 2017-01-28 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-04-17 22:04 - 2016-01-06 05:53 - 000000000 ____D C:\Program Files (x86)\Java
2018-04-17 22:03 - 2017-04-04 15:49 - 000098760 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

==================== Files in the root of some directories =======

2017-05-13 09:09 - 2017-05-13 09:09 - 000000008 _____ () C:\Users\BEBOP\AppData\Roaming\00000602001520
2016-02-17 23:09 - 2016-02-17 23:09 - 000000112 _____ () C:\Users\BEBOP\AppData\Roaming\JP2K CS6 Prefs
2016-12-17 18:31 - 2016-12-27 00:08 - 002492308 _____ () C:\Users\BEBOP\AppData\Roaming\Requiem.log
2016-05-13 05:43 - 2017-11-16 11:59 - 000001456 _____ () C:\Users\BEBOP\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-06-11 12:34 - 2016-06-11 12:34 - 000000000 _____ () C:\Users\BEBOP\AppData\Local\Driver_LOM_8161Present.flag
2017-01-09 23:32 - 2017-01-09 23:32 - 000000069 _____ () C:\Users\BEBOP\AppData\Local\psppirerc
2017-01-09 23:32 - 2017-01-09 23:32 - 000000218 _____ () C:\Users\BEBOP\AppData\Local\recently-used.xbel
2016-12-24 03:08 - 2016-12-24 03:08 - 000007602 _____ () C:\Users\BEBOP\AppData\Local\Resmon.ResmonCfg
2017-07-09 05:01 - 2017-07-09 05:01 - 000000037 _____ () C:\Users\BEBOP\AppData\Local\X-Plane Installer.prf
2017-07-09 05:01 - 2017-07-10 14:51 - 000000015 _____ () C:\Users\BEBOP\AppData\Local\X-Plane_drm_11.prf
2017-07-09 04:51 - 2017-07-09 04:51 - 000000022 _____ () C:\Users\BEBOP\AppData\Local\x-plane_install_11.txt

Some files in TEMP:
====================
2018-05-16 02:04 - 2018-05-16 02:04 - 000035680 _____ () C:\Users\BEBOP\AppData\Local\Temp\i4jdel0.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-08 05:54

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by BEBOP (16-05-2018 17:55:50)
Running from C:\Users\BEBOP\Desktop
Windows 10 Home Version 1709 16299.371 (X64) (2018-01-12 07:39:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3428963390-2178166571-3703012988-500 - Administrator - Disabled) => C:\Users\Administrator
BEBOP (S-1-5-21-3428963390-2178166571-3703012988-1001 - Administrator - Enabled) => C:\Users\BEBOP
DefaultAccount (S-1-5-21-3428963390-2178166571-3703012988-503 - Limited - Disabled)
Guest (S-1-5-21-3428963390-2178166571-3703012988-501 - Limited - Disabled)
Maximillian (S-1-5-21-3428963390-2178166571-3703012988-1004 - Administrator - Enabled)
WDAGUtilityAccount (S-1-5-21-3428963390-2178166571-3703012988-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
ABILITY | PC-ACE® Claims Processing System (HKLM-x32\...\ABILITY | PC-ACE® Claims Processing System) (Version: - )
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.7.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.1.181 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.2 - Adobe Systems Incorporated)
Alienware Command Center (HKLM\...\{5DBA5090-EAB9-4E1C-8F92-C71A1423F14C}) (Version: 3.6.4.0 - Alienware Corp.) Hidden
Alienware Command Center (HKLM-x32\...\InstallShield_{5DBA5090-EAB9-4E1C-8F92-C71A1423F14C}) (Version: 3.6.4.0 - Alienware Corp.)
Alienware On-Screen Display (HKLM-x32\...\{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.6C - ) Hidden
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.6C - )
Alienware Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Curse Client (HKU\S-1-5-21-3428963390-2178166571-3703012988-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssistAgent (HKLM\...\{9DD6B149-CEBC-4910-B11A-242393EDF6D3}) (Version: 2.1.4.14 - Dell)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-3428963390-2178166571-3703012988-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.64 - NVIDIA Corporation) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dungeon Keeper 2 (HKLM-x32\...\GOGPACKDUNGEONKEEPER2_is1) (Version: 2.0.0.32 - GOG.com)
Dungeon Keeper Gold (HKLM-x32\...\1207658934_is1) (Version: 2.1.0.7 - GOG.com)
dupeGuru (HKLM\...\{C11DACBD-8863-4AA4-94AD-708602F6F7EF}) (Version: 3.9.1 - Hardcoded Software)
dupeGuru Music Edition (HKLM-x32\...\{20C97A26-D524-4BBF-BB83-D01A00DBC4AF}) (Version: 6.7.0 - Hardcoded Software)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
EMSC (HKLM-x32\...\{FEF06E73-A519-4510-8CF3-B66041B91D8A}) (Version: 0.0.0.24C - Compal Electronics, Inc.) Hidden
f.lux (HKU\S-1-5-21-3428963390-2178166571-3703012988-1001\...\Flux) (Version: - f.lux Software LLC)
Fallout 4 v.1.1.30 (HKLM-x32\...\Fallout 4_is1) (Version: - )
foobar2000 v1.3.13 (HKLM-x32\...\foobar2000) (Version: 1.3.13 - Peter Pawlowski)
Game Capture HD v2.3.3.40 (HKLM-x32\...\Software_Elgato_Game Capture HD) (Version: 2.3.3.40 - Elgato Systems)
Game Capture HD60 Pro v1.1.0.149 (HKLM-x32\...\Software_Elgato_Game Capture HD60 Pro) (Version: 1.1.0.149 - Elgato Systems)
Game Capture HD60 v2.1.1.4 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.4 - Elgato Systems)
GCFScape 1.8.6 (HKLM\...\GCFScape_is1) (Version: - Ryan Gregg)
Geeks3D FurMark 1.17.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
GOG.com Dungeon Keeper 2 (HKLM\...\{b6462b67-caf5-4a74-99df-cc2811bd1957}.sdb) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.170 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{FA1BBF34-E994-4310-95D7-BE93092B8E61}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gyazo 3.3.5 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HD Video Converter Factory 9.1 (HKLM-x32\...\HD Video Converter Factory) (Version: 9.1 - WonderFox Soft, Inc.)
HWiNFO64 Version 5.10 (HKLM\...\HWiNFO64_is1) (Version: 5.10 - Martin Malík - REALiX)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Jedi Knight: Mysteries of the Sith (HKLM\...\{59830886-0fcf-4baa-8698-3ce4b9b8fc3d}.sdb) (Version: - )
Kinect for Windows Speech Recognition Language Pack (en-AU) (HKLM-x32\...\{48CEC0A3-AE10-4EE3-AC62-76D3D58792E5}) (Version: 11.0.7400.336 - Microsoft Corporation)
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Mass Effect 3 version 1.5.5427.124 (HKLM-x32\...\Mass Effect 3_is1) (Version: 1.5.5427.124 - Mr DJ)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3428963390-2178166571-3703012988-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60825 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Moto Racer (HKLM-x32\...\1207658895_is1) (Version: 2.1.0.11 - GOG.com)
Movavi Video Editor 12 (HKLM-x32\...\Movavi Video Editor 12) (Version: 12.0.2 - Movavi)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
Need for Speed Underground 2 (HKLM-x32\...\Need for Speed Underground 2) (Version: - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.4 - Black Tree Gaming)
NoteBurner 2.11 (HKLM-x32\...\NoteBurner_is1) (Version: - NoteBurner.com)
NVIDIA 3D Vision Driver 397.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 397.64 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 397.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.64 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5023.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5023.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5023.1000 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenMW 0.37.0 (HKLM-x32\...\OpenMW 0.37.0) (Version: 0.37.0 - OpenMW.org)
osu! (HKLM-x32\...\{d7f57fde-c6bb-4a1f-a99f-0f6044b37265}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version: - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.114.1.39 - Overwolf Ltd.)
PakkISO 0.4 (HKLM-x32\...\PakkISO_is1) (Version: PakkISO 0.4 by zorted, installer by BitLooter - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1053.0 - Passmark Software)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.4 - Power Software Ltd)
PSPP (HKLM-x32\...\PSPP) (Version: 0.10.4 - Free Software Foundation, Inc.)
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
RaidCall (HKLM-x32\...\RaidCall) (Version: 8.1.8-1.0.3112.146 - raidcall.com.ru)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.188 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.1 - Rockstar Games)
RogueKiller version 12.12.17.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.17.0 - Adlice Software)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Sid Meier's Civilization 5 (HKLM-x32\...\Sid Meier's Civilization 5_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Panky)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
SimCity 3000 Unlimited (HKLM-x32\...\2086050016_is1) (Version: 2.0.0.3 - GOG.com)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SPORE™ Collection (HKLM-x32\...\1948823323_is1) (Version: 2.0.0.5 - GOG.com)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
TeamSpeak (HKU\S-1-5-21-3428963390-2178166571-3703012988-1001\...\Overwolf_jnabojaampcpfclojlbildognlnebnhfhibiielh) (Version: 1.0.0.1 - Overwolf app)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1F3E59DD-7DCE-4103-9528-57DA43134312}) (Version: 2.9.0.0 - Microsoft Corporation)
Uprising - Join or Die (HKLM-x32\...\1453195863_is1) (Version: 2.0.0.10 - GOG.com)
VirtualDJ 8 (HKLM-x32\...\{A978D904-1A7E-4FF2-AE62-4AC095623114}) (Version: 8.2.3710.0 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VTFEdit 1.3.3 (HKLM\...\VTFEdit_is1) (Version: - Neil Jedrzejewski & Ryan Gregg)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
WebClient (HKLM-x32\...\WebClient) (Version: - )
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22452 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wondershare Dr.Fone for Android(Build 5.5.0.6) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 5.5.0.6 - Wondershare Software Co.,Ltd.)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version: - DOSBox Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3428963390-2178166571-3703012988-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-ACC55AF0B2C7}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3428963390-2178166571-3703012988-1001_Classes\CLSID\{11a56b70-05dd-4608-9f73-48c25228fa92}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2015-10-08] (Power Software Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2015-10-08] (Power Software Ltd)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-05-07] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2015-10-08] (Power Software Ltd)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02C0326E-DCEC-43D7-9067-5C92FDDAA68E} - \Microsoft\Windows\SMB\UninstallSMB1ClientTask -> No File <==== ATTENTION
Task: {0B17BBF2-E559-4028-AD3D-B79EF8D612DD} - \nanchang-consignments -> No File <==== ATTENTION
Task: {14A0D8DE-BC70-40AC-9964-48C0843CF380} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {16B19BFB-BF09-4532-80DE-59AE4AC453FD} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Alienware\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {178BFA2A-0EC2-4FEE-9B42-4CB1C845DCF8} - System32\Tasks\AdobeAAMUpdater-1.0-MAX-BEBOP => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated)
Task: {28A60274-4A51-4832-8B71-D0172D8885A2} - System32\Tasks\{BA3C746C-8218-44E1-8575-A9AAE7C0F099} => C:\WINDOWS\system32\pcalua.exe -a F:\AutoRun.exe -d F:\
Task: {2B433164-19E3-4F61-8D01-CC744153C794} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-04-10] (Microsoft Corporation)
Task: {32442FE4-836E-4302-BBC8-BB607B2386D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-04-12] (Piriform Ltd)
Task: {37BA5F68-5AAE-420C-9BC2-6BD14F9C65CC} - \nico -> No File <==== ATTENTION
Task: {3BDA4AB9-9F0F-49A2-B14F-B3F4121BE0F6} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-23] (NVIDIA Corporation)
Task: {3DF8E018-BE64-4F0F-B845-1AEEE5CFB293} - System32\Tasks\AdobeGCInvoker-1.0-MAX-BEBOP => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {3F0357D3-8CDD-4427-8ACE-438E974BAE27} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {53CF3758-8A21-4CF8-A67F-41A4E72AB035} - System32\Tasks\{9F08252B-5B55-4718-9E89-AB1C80DC37B3} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\iTunes\iTunes.exe"
Task: {5B6FDCF4-5144-4989-9E44-AE0444DFF389} - System32\Tasks\{025C897E-DCD5-4AF7-BA1B-766D9967BCD5} => C:\WINDOWS\system32\pcalua.exe -a F:\AutoRun.exe -d F:\
Task: {5EBD4C11-0794-4B51-9EEC-0E8CC556FDC8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-23] (NVIDIA Corporation)
Task: {7513A96D-5144-409D-B549-A11E6BA63B46} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-04-12] (Piriform Ltd)
Task: {770B4BBC-00A2-464F-A8BE-5B59512B13D8} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2018-05-15] (Overwolf LTD)
Task: {78541D8A-C637-49F7-9D77-0D5C417A7FD2} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-23] (NVIDIA Corporation)
Task: {78A0FE29-C361-4853-B9A7-68F838BA1F71} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe [2018-05-04] (Microsoft Corporation)
Task: {81C28626-5C2C-4119-8FB0-34B45FE3DA2A} - System32\Tasks\{026750D6-53DD-4649-8B0A-066D9619DBFC} => C:\WINDOWS\system32\pcalua.exe -a F:\AutoRun.exe -d F:\
Task: {84935186-8F7E-4E3D-9802-A4BB6F212F7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-13] (Google Inc.)
Task: {88440250-4A90-46B0-805C-F388010D1F58} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {8E252AD0-067E-4696-942D-204AB3F9953E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {8F2DA3A4-69CB-46F0-9E7B-E5D6C48F0D50} - \kee lopped -> No File <==== ATTENTION
Task: {92179B7A-76A1-42CF-B7D7-3A271FABBCFE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {922DCE22-5601-423C-8CB4-648A0DCE5B27} - \Microsoft\Windows\SMB\UninstallSMB1ServerTask -> No File <==== ATTENTION
Task: {A2187F8A-B321-4EF5-91A5-0317F9B46860} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-13] (Google Inc.)
Task: {AE9FF471-FDCF-4C13-B80E-535657C416CB} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {B045EC59-C81B-40D6-9931-8FBB5AE135DA} - System32\Tasks\Pcd.DriverScan.VKP80 => C:\Users\BEBOP\AppData\Roaming\PCDr\Downloads\DriverInstaller.exe [2018-05-15] (PC-Doctor, Inc.)
Task: {B27F3982-9EF4-4521-96F9-DA4912AD9D5C} - System32\Tasks\{7F9B4EFE-69C4-4490-9E13-3E3D224CCC13} => C:\WINDOWS\system32\pcalua.exe -a F:\AutoRun.exe -d F:\
Task: {BD88A8E9-F4A3-4E24-A17C-52F0A9B2E0E5} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-23] (NVIDIA Corporation)
Task: {BD8B3422-5A05-49CE-B82F-2A2B6688EC90} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {BE3CC7EF-ED57-4512-B09B-76661C0A6DBD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {C80B3A40-A50A-403A-B839-55402829CD2A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {D73D5EB2-0ACC-440F-ABEF-5C0E437A54D7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {D7DB1688-A7B9-410B-AD1A-86F6D68211A4} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-23] (NVIDIA Corporation)
Task: {DBEF75C2-03C3-48BF-A8D9-826748F94290} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-23] (NVIDIA Corporation)
Task: {DC235F07-60B5-4027-8AFA-A1466CC37218} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-23] (NVIDIA Corporation)
Task: {E05A6DB6-24D2-4C25-9065-006805FAF165} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Alienware\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {E3A66530-61FC-4D38-9E69-48EF7866B44F} - \inward_spillage -> No File <==== ATTENTION
Task: {F02BE675-3A9C-4A47-954C-96C4A0025E41} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-23] (NVIDIA Corporation)
Task: {F0EA0F18-C778-4F2E-92C0-3BF4E9FB99BC} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F3AF2C83-FD6D-495C-8832-00E74F02D690} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {FAB20DD2-9CC6-4935-BB07-91C95A7B3CAD} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2018-02-14] (Dell Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\BEBOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\BEBOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com

ShortcutWithArgument: C:\Users\BEBOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\HP Print for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cjanmonomjogheabiocdamfpknlpdehm
ShortcutWithArgument: C:\Users\BEBOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Wicked Good Unarchiver.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mljpablpddhocfbnokacjggdbmafjnon
ShortcutWithArgument: C:\Users\BEBOP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
Says the rest of addition.txt is spam-like. I attached it to this post.
 

Attachments

  • Addition.txt
    54.8 KB · Views: 1
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    3.2 KB · Views: 5
Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by BEBOP (16-05-2018 18:12:01) Run:1
Running from C:\Users\BEBOP\Desktop
Loaded Profiles: BEBOP (Available Profiles: BEBOP & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3428963390-2178166571-3703012988-1001\...\MountPoints2: F - "F:\Setup.exe"
ShortcutTarget: landscape.lnk -> C:\Program Files (x86)\Rapport\Adman.exe (No File)
ShortcutTarget: landscapelandscape.lnk -> C:\Program Files (x86)\inert\fy.exe (No File)
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (No File)
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [No File]
S4 pbicvmra; System32\drivers\exhzbkgv.sys [X]
2018-05-10 05:48 - 2018-05-16 02:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\wmcagent
2017-05-13 09:09 - 2017-05-13 09:09 - 000000008 _____ () C:\Users\BEBOP\AppData\Roaming\00000602001520
2016-02-17 23:09 - 2016-02-17 23:09 - 000000112 _____ () C:\Users\BEBOP\AppData\Roaming\JP2K CS6 Prefs
2016-12-17 18:31 - 2016-12-27 00:08 - 002492308 _____ () C:\Users\BEBOP\AppData\Roaming\Requiem.log
2016-05-13 05:43 - 2017-11-16 11:59 - 000001456 _____ () C:\Users\BEBOP\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-06-11 12:34 - 2016-06-11 12:34 - 000000000 _____ () C:\Users\BEBOP\AppData\Local\Driver_LOM_8161Present.flag
2017-01-09 23:32 - 2017-01-09 23:32 - 000000069 _____ () C:\Users\BEBOP\AppData\Local\psppirerc
2017-01-09 23:32 - 2017-01-09 23:32 - 000000218 _____ () C:\Users\BEBOP\AppData\Local\recently-used.xbel
2016-12-24 03:08 - 2016-12-24 03:08 - 000007602 _____ () C:\Users\BEBOP\AppData\Local\Resmon.ResmonCfg
2017-07-09 05:01 - 2017-07-09 05:01 - 000000037 _____ () C:\Users\BEBOP\AppData\Local\X-Plane Installer.prf
2017-07-09 05:01 - 2017-07-10 14:51 - 000000015 _____ () C:\Users\BEBOP\AppData\Local\X-Plane_drm_11.prf
2017-07-09 04:51 - 2017-07-09 04:51 - 000000022 _____ () C:\Users\BEBOP\AppData\Local\x-plane_install_11.txt
2018-05-16 02:04 - 2018-05-16 02:04 - 000035680 _____ () C:\Users\BEBOP\AppData\Local\Temp\i4jdel0.exe
CustomCLSID: HKU\S-1-5-21-3428963390-2178166571-3703012988-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-ACC55AF0B2C7}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
Task: {02C0326E-DCEC-43D7-9067-5C92FDDAA68E} - \Microsoft\Windows\SMB\UninstallSMB1ClientTask -> No File <==== ATTENTION
Task: {0B17BBF2-E559-4028-AD3D-B79EF8D612DD} - \nanchang-consignments -> No File <==== ATTENTION
Task: {37BA5F68-5AAE-420C-9BC2-6BD14F9C65CC} - \nico -> No File <==== ATTENTION
Task: {8F2DA3A4-69CB-46F0-9E7B-E5D6C48F0D50} - \kee lopped -> No File <==== ATTENTION
Task: {922DCE22-5601-423C-8CB4-648A0DCE5B27} - \Microsoft\Windows\SMB\UninstallSMB1ServerTask -> No File <==== ATTENTION
Task: {E3A66530-61FC-4D38-9E69-48EF7866B44F} - \inward_spillage -> No File <==== ATTENTION
Task: {F0EA0F18-C778-4F2E-92C0-3BF4E9FB99BC} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\system32\Drivers\yvgzwbiu.sys:changelist [298]
AlternateDataStreams: C:\ProgramData\TEMP:66E02052 [123]

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKU\S-1-5-21-3428963390-2178166571-3703012988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => removed successfully
"C:\Program Files (x86)\Rapport\Adman.exe" => not found
"C:\Program Files (x86)\inert\fy.exe" => not found
"C:\Program Files\Rainmeter\Rainmeter.exe" => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@EDVR/WebClient" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\BYOND" => removed successfully
"HKLM\System\CurrentControlSet\Services\pbicvmra" => removed successfully
pbicvmra => service removed successfully
C:\Users\Administrator\AppData\Local\wmcagent => moved successfully
C:\Users\BEBOP\AppData\Roaming\00000602001520 => moved successfully
C:\Users\BEBOP\AppData\Roaming\JP2K CS6 Prefs => moved successfully
C:\Users\BEBOP\AppData\Roaming\Requiem.log => moved successfully
C:\Users\BEBOP\AppData\Local\Adobe Save for Web 13.0 Prefs => moved successfully
C:\Users\BEBOP\AppData\Local\Driver_LOM_8161Present.flag => moved successfully
C:\Users\BEBOP\AppData\Local\psppirerc => moved successfully
C:\Users\BEBOP\AppData\Local\recently-used.xbel => moved successfully
C:\Users\BEBOP\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\BEBOP\AppData\Local\X-Plane Installer.prf => moved successfully
C:\Users\BEBOP\AppData\Local\X-Plane_drm_11.prf => moved successfully
C:\Users\BEBOP\AppData\Local\x-plane_install_11.txt => moved successfully
C:\Users\BEBOP\AppData\Local\Temp\i4jdel0.exe => moved successfully
"HKU\S-1-5-21-3428963390-2178166571-3703012988-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-ACC55AF0B2C7}" => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxDTCM" => removed successfully
HKLM\Software\Classes\CLSID\{9B5F5829-A529-4B12-814A-E81BCB8D93FC} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02C0326E-DCEC-43D7-9067-5C92FDDAA68E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02C0326E-DCEC-43D7-9067-5C92FDDAA68E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SMB\UninstallSMB1ClientTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0B17BBF2-E559-4028-AD3D-B79EF8D612DD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B17BBF2-E559-4028-AD3D-B79EF8D612DD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nanchang-consignments" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{37BA5F68-5AAE-420C-9BC2-6BD14F9C65CC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37BA5F68-5AAE-420C-9BC2-6BD14F9C65CC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nico" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8F2DA3A4-69CB-46F0-9E7B-E5D6C48F0D50}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F2DA3A4-69CB-46F0-9E7B-E5D6C48F0D50}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\kee lopped" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{922DCE22-5601-423C-8CB4-648A0DCE5B27}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{922DCE22-5601-423C-8CB4-648A0DCE5B27}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SMB\UninstallSMB1ServerTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E3A66530-61FC-4D38-9E69-48EF7866B44F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3A66530-61FC-4D38-9E69-48EF7866B44F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\inward_spillage" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0EA0F18-C778-4F2E-92C0-3BF4E9FB99BC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0EA0F18-C778-4F2E-92C0-3BF4E9FB99BC}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
C:\WINDOWS\system32\Drivers\yvgzwbiu.sys => ":changelist" ADS removed successfully
C:\ProgramData\TEMP => ":66E02052" ADS removed successfully


The system needed a reboot.

==== End of Fixlog 18:12:09 ====
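The fixlist above picks out exactly the scheduled-task lines that the Addition.txt log marks `No File <==== ATTENTION`. The following is an added example, not part of the thread and not FRST's own code: it parses `Task:` lines in the format shown in these logs and sorts them for review. The sample lines are copied from the log in this thread; the function and bucket names are hypothetical, and the `no_metadata` bucket is this example's own grouping, not a FRST verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the Addition.txt output posted in this thread.
SAMPLE_LOG = r"""
Task: {02C0326E-DCEC-43D7-9067-5C92FDDAA68E} - \Microsoft\Windows\SMB\UninstallSMB1ClientTask -> No File <==== ATTENTION
Task: {0B17BBF2-E559-4028-AD3D-B79EF8D612DD} - \nanchang-consignments -> No File <==== ATTENTION
Task: {28A60274-4A51-4832-8B71-D0172D8885A2} - System32\Tasks\{BA3C746C-8218-44E1-8575-A9AAE7C0F099} => C:\WINDOWS\system32\pcalua.exe -a F:\AutoRun.exe -d F:\
Task: {32442FE4-836E-4302-BBC8-BB607B2386D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-04-12] (Piriform Ltd)
Task: {3F0357D3-8CDD-4427-8ACE-438E974BAE27} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {8F2DA3A4-69CB-46F0-9E7B-E5D6C48F0D50} - \kee lopped -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"""

# "Task: {GUID} - <task name> => <target>"; legacy .job lines carry no GUID.
TASK_RE = re.compile(r"^Task: (?:(\{[0-9A-Fa-f-]{36}\}) - )?(.+?) (?:=>|->) (.*)$")
# Trailing "[YYYY-MM-DD] (Company)" that the log prints after some targets.
META_RE = re.compile(r"\s*\[(\d{4}-\d{2}-\d{2})\]\s*\((.*)\)$")
FLAG = "<==== ATTENTION"


@dataclass
class TaskEntry:
    raw: str                   # the log line as posted
    guid: Optional[str]        # None for legacy .job entries
    name: str                  # task path as printed in the log
    target: str                # command line, or "No File"
    file_date: Optional[str]
    company: Optional[str]
    attention: bool            # line carried the ATTENTION marker

    @property
    def orphaned(self) -> bool:
        # The task is registered but the log shows no file behind it.
        return self.target == "No File"


def parse_task_line(line: str) -> Optional[TaskEntry]:
    """Parse one 'Task:' line; return None for any other kind of line."""
    line = line.strip()
    m = TASK_RE.match(line)
    if not m:
        return None
    guid, name, rest = m.groups()
    attention = rest.endswith(FLAG)
    if attention:
        rest = rest[: -len(FLAG)].rstrip()
    file_date = company = None
    meta = META_RE.search(rest)
    if meta:
        file_date, company = meta.group(1), meta.group(2) or None
        rest = rest[: meta.start()]
    return TaskEntry(line, guid, name, rest.strip(), file_date, company, attention)


def triage(log_text: str) -> Dict[str, List[TaskEntry]]:
    """Sort task entries into review buckets.

    orphaned    - target is "No File"
    no_metadata - a target is printed but without date/company, so the log
                  alone does not identify the file (example's own grouping)
    resolved    - target printed with file date and company
    """
    buckets: Dict[str, List[TaskEntry]] = {
        "orphaned": [], "no_metadata": [], "resolved": []}
    for line in log_text.splitlines():
        entry = parse_task_line(line)
        if entry is None:
            continue
        if entry.orphaned:
            buckets["orphaned"].append(entry)
        elif entry.file_date is None:
            buckets["no_metadata"].append(entry)
        else:
            buckets["resolved"].append(entry)
    return buckets


def fixlist_candidates(log_text: str) -> List[str]:
    """Return the raw lines marked ATTENTION, for a human reviewer.

    In this thread the fixlist entries are the log lines themselves, so the
    raw text is returned unchanged. Nothing here decides what to remove.
    """
    entries = (parse_task_line(l) for l in log_text.splitlines())
    return [e.raw for e in entries if e is not None and e.attention]


if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(entries)}")
        for e in entries:
            print(f"  {e.name} -> {e.target}")
```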
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 171
Java version 32-bit out of Date!
Mozilla Firefox (47.0)
Google Chrome (66.0.3359.170)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 27-01-2016
Ran by BEBOP (administrator) on 16-05-2018 at 18:44:24
Running from "C:\Users\BEBOP\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

Sophos found 0 threats.
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please let me know how your computer is doing.
 
Thanks for all the help.

A couple of things:

1. Windows Defender won't restart. It seems the virus preventing it from starting is gone, but Security Check says that it can't open the registry key? How do I safely restore the registry information so that it restarts?

2. I still have this annoying conduit adware when it scans Google Chrome, it seems unrelated to the other infection that was removed but it troubles me as it seems that it's in my google sync info. Any information on how to remove this?

3. Teach me, master! Haha, seriously though, this stuff is really interesting, do you have any ideas on where to start with interpreting logfiles, creating FRST fix scripts, etc.?
 
3. I wish I had that much time but there are free schools if you're interested: https://uniteagainstmalware.com/

2. Yes, I saw it and I forgot about it.

Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

  • Close all Chrome windows and tabs.
  • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
  • Click Programs and Features.
  • Double-click Google Chrome.
  • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
Install fresh copy.

1. I see Windows Defender registry key missing.

Instructions in my next post due to images posting issue.


See if the above tool will solve WD issue.
 
Done as instructed, WD starts normally now, but Windows Update returns a 0x80070006 error. Did some troubleshooting, ran DISM, SFC, and Windows Update Troubleshooter. None seemed to work.
 